Featured Reviews
Highest Rated
Having been through and trialed a number of IPAMS we are using PHPIPAM
Love it!
I didn't rate it 5 because there is room to improve. In fact we like it so much we want to help!
Lowest Rated
Our company stopped using PHPIPAM (1.0) after a third-party auditor reported that it contained a number of security vulnerabilities, including SQL injections.
For example, in functions-common.php, the get_menu_html() function reads in "subnetId" directly from the REQUEST, which gets passed to getAllParents(), which calls getSubnetDetailsById() in functions-network.php, which appears to drop the raw subnetId data right into a querystring executed at normal phpipam DB permissions. (You can grep the PHP code for more "$query" instances and back out to the related REQUEST or POST variable population to see similar examples.)
The application also encourages IT admins to put "domain admin" credentials in clear text into the adLDAP.php file for optional AD/LDAP integration; there are safer ways to store these! (Using just MD5 for local user passwords also makes me nervous since a lot of the passwords stored here might be those of admins using the same password across multiple systems...)
All in all, I think the project would benefit from a switch to PHP prepared statements and better credential protection. The functionality seems solid, but it could use better security (e.g., there appears to be some sanitization happening with parameters like username, but it's not universal), even if the app is normally only installed "behind the firewall."
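The pattern this review describes, request data concatenated into a query string, next to the prepared-statement form it recommends. This is an added example, not part of the review and not phpipam source: the table, the function names, and the in-memory SQLite database (requires the pdo_sqlite extension) are hypothetical stand-ins.

```php
<?php
// Added illustration; not phpipam code. Schema and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subnets (id INTEGER PRIMARY KEY, description TEXT)');
$db->exec("INSERT INTO subnets (id, description)
           VALUES (1, 'office'), (2, 'datacenter'), (3, 'lab')");

// Pattern described in the review: the raw request value becomes part of the SQL text,
// so anything after the number is parsed as SQL.
function subnetDetailsConcat(PDO $db, string $subnetId): array
{
    $query = 'SELECT id, description FROM subnets WHERE id = ' . $subnetId;
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the type first, then bind the value as a parameter
// so it can never change the structure of the statement.
function subnetDetailsPrepared(PDO $db, string $subnetId): array
{
    $id = filter_var($subnetId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('subnetId must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, description FROM subnets WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_REQUEST['subnetId'].
$inputs = ['2', '2 OR 1=1'];
foreach ($inputs as $input) {
    $label = var_export($input, true);
    printf("%-12s concatenated: %d row(s)\n", $label, count(subnetDetailsConcat($db, $input)));
    try {
        printf("%-12s prepared:     %d row(s)\n", $label, count(subnetDetailsPrepared($db, $input)));
    } catch (InvalidArgumentException $e) {
        printf("%-12s prepared:     rejected (%s)\n", $label, $e->getMessage());
    }
}
```

With the second input the concatenated query matches every row in the table, while the prepared version rejects the value before it reaches the database.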
User Reviews
-
The software can detect whether conflict IP me?
-
Easy to use and easy on the eyes.
-
Very great app. Good enough to replace IP addresses management using Excel worksheets! The user interface is very clean (we can also say it looks quite beautiful, which is a pretty rare feature for a management tool) and fast, the setup is very very easy. We installed it a few weeks ago to manage a few ipv4 large subnets and an ipv6 subnet, we are going to see if we can rely on it, but we can say that we are already very happy with it. There'll be a before and an after phpipam ;) Myha, if you come to Paris, we'll get you a beer!
-
I am getting this issue when I log in with Non admin Role. Database needs upgrade. Please contact site administrator (Sysadmin)!
-
Very nice and helpful!! And very clean and fast!!
-
Has potential but still lacking in a lot of areas. I don't want to come off as negative, hopefully more constructive than anything. Some issues I have are:
* No built in ip scanning (I had to write my own poller for my evaluation of this software)
* No subnet joining/splitting
* No API (though it's on the roadmap, I don't see any commits related to it)
* Difficult to visualize where ip gaps are since all ips are added manually
* When viewing subnets, IPs within the subnet are all displayed in a single page, so if you have say a /20, or even an IPv6 /64, be prepared for your browser to s*** bricks.
* SQL queries in code tend to utilize 'Select * from...', even when just needing a single column from a table. For example the 'getIpAddrDetailsById' function which also should have used a 'limit 1' in its sql query. But that is just an example.
* No active mailing list or community.
Like I said, this software has potential and also has some nice features. It's aesthetically pleasing, just not ready for large deployments. I think the author has done a great job so far
-
manageSubnetEdit.php buggy / problematic. When attempting to add a new subnet, clicking "Add" produces no dialogue box or result as does in the online demo (using appropriate CIDR addressing, etc). Rolled back to 0.5 and found same issue. I thought it was a CSS issue at first hiding the dialogue, but the fact it's not adding it to the tree/root as the online demo does hints to me something else is amiss. It appears potential here if this sort of thing resolved?
-
Hi, I found a bug in 0.6: - file manageSubnet.php, line 127: must be $subSlave['description'] not $slave['description']
-
Awesome piece of software, excellent interface with active development!
-
Exactly what I was looking for. It has all the features I need and none that I don't. Plus the code is written very well and easy to fix current issues or customize.
-
This is great. Help and great for those who need to create an "As Built" and manage the network! Thank you so much! Regards
-
plain simple and very useful !!