...

View Full Version : phpMyAdmin 2.5.4 security



weronpc
10-31-2003, 04:44 PM
I am using phpMyAdmin 2.5.4, the problem is, there is no secruity, if people know where my phpMyAdmin's index.php page is located, then that person will have full access to my database.

I tried to modify the index page and the config page (user must enter username, password and server_name into the form), but I can't get it working.

Can you help me?? any suggestions will be great.

Thanks,

Mike

missing-score
10-31-2003, 11:14 PM
I would set up a .htaccess file, most control panels come with this option, usually called Password Protect Directories, or something like that.

weronpc
11-01-2003, 04:30 AM
Hello missing score,

Do you know you are the first person who got me into php and mysql, long long time ago (I doubt that you remember me), I was a newbie (like everyone else), and you helped me out alot by answering my post, and now I am back again. thank you missing-score for all the supports...

anyway,

I don't quite understand what you mean there, can you explain a little more?

missing-score
11-01-2003, 11:51 AM
wow, did i? i do remember you :) but i cant remember what the post was about.

.htaccess is something that can be used for site config. It can allow/disallow access to folders and files, set error documents (eg: when you see a customised HTTP 404 page), stop people hot linking images (displaying your image on their site via http:// link) and password protect directories. There are other things that .htaccess can do, and this link may help. http://javascriptkit.com/howto/htaccess.shtml

as far as i know, .htaccess isnt available on NT servers, but appearently there are similar capabilities.

anyways, do you have a site control panel? If you do, there is a good chance that it will have a "Password Protect Directories" section, or something similar to that. Here you can automatically set up .htaccess password protection for certain directories.

If there is no link on the control panel, there is instructions on that link to manually setting up a .htaccess password protection, however, i have never manually set one up.

If you do not have .htaccess, I will have a look at phpMyAdmin (im running on my local server) and look for a built in password protection system.

Acecool
11-01-2003, 06:35 PM
Um

config.inc.php

Find
$cfg['Servers'][$i]['auth_type'] = '
make sure inside the ''s it is http so it looks like

$cfg['Servers'][$i]['auth_type'] = 'http'; // Authentication method (config, http or cookie based)?

this prompts for the user and pass (control user?)

missing-score
11-01-2003, 08:01 PM
or do that :p, never realised that was in there.

weronpc
11-02-2003, 06:13 PM
that prompts for user and pass, is there a way to prompt for the mysql server where I want it to connect?

I am working on many servers..

Thank you:)

Acecool
11-03-2003, 12:16 PM
Not that I am aware of :-(

missing-score
11-03-2003, 05:24 PM
no, i dont think there is, ive had a quick look through but i cant find anything. :(



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum