View Full Version : phpMyAdmin 2.5.4 security

10-31-2003, 04:44 PM
I am using phpMyAdmin 2.5.4, the problem is, there is no secruity, if people know where my phpMyAdmin's index.php page is located, then that person will have full access to my database.

I tried to modify the index page and the config page (user must enter username, password and server_name into the form), but I can't get it working.

Can you help me?? any suggestions will be great.



10-31-2003, 11:14 PM
I would set up a .htaccess file, most control panels come with this option, usually called Password Protect Directories, or something like that.

11-01-2003, 04:30 AM
Hello missing score,

Do you know you are the first person who got me into php and mysql, long long time ago (I doubt that you remember me), I was a newbie (like everyone else), and you helped me out alot by answering my post, and now I am back again. thank you missing-score for all the supports...


I don't quite understand what you mean there, can you explain a little more?

11-01-2003, 11:51 AM
wow, did i? i do remember you :) but i cant remember what the post was about.

.htaccess is something that can be used for site config. It can allow/disallow access to folders and files, set error documents (eg: when you see a customised HTTP 404 page), stop people hot linking images (displaying your image on their site via http:// link) and password protect directories. There are other things that .htaccess can do, and this link may help. http://javascriptkit.com/howto/htaccess.shtml

as far as i know, .htaccess isnt available on NT servers, but appearently there are similar capabilities.

anyways, do you have a site control panel? If you do, there is a good chance that it will have a "Password Protect Directories" section, or something similar to that. Here you can automatically set up .htaccess password protection for certain directories.

If there is no link on the control panel, there is instructions on that link to manually setting up a .htaccess password protection, however, i have never manually set one up.

If you do not have .htaccess, I will have a look at phpMyAdmin (im running on my local server) and look for a built in password protection system.

11-01-2003, 06:35 PM


$cfg['Servers'][$i]['auth_type'] = '
make sure inside the ''s it is http so it looks like

$cfg['Servers'][$i]['auth_type'] = 'http'; // Authentication method (config, http or cookie based)?

this prompts for the user and pass (control user?)

11-01-2003, 08:01 PM
or do that :p, never realised that was in there.

11-02-2003, 06:13 PM
that prompts for user and pass, is there a way to prompt for the mysql server where I want it to connect?

I am working on many servers..

Thank you:)

11-03-2003, 12:16 PM
Not that I am aware of :-(

11-03-2003, 05:24 PM
no, i dont think there is, ive had a quick look through but i cant find anything. :(