Securing phpMyAdmin
Hey all, just installed phpMyAdmin 2.5.1rc1, and it's great.
However, I have some security issues: in my config file, I have my auth_type set to http, so my .htaccess file can handle it. If I go to http://localhost/phpMyAdminfolder/ I get a login prompt, which is good. I can log in with root or martinman with passwords, which works fine. However! I can also log in with ANY username (even asldfalt) and NO password, even though I can't even see any databases. I want it to be so that the ONLY accounts that can get in are martinman and root. Here's my .htaccess file:
Code:
AuthUserFile /var/www/html/phpMyAdmin-2.5.0-rc1/.htpasswd
Code:
martinman:encrypted stuff
What do the Apache log and error log say?
Could you post the complete config for the dir you're trying to passwd (starting and ending with the "directory" tag)? Btw, it would be more secure if you placed the passwd file outside of the docroot; no user except Apache's needs to read it.
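A static check for the two points raised in this thread (password file inside the docroot, and which accounts the Apache layer admits), as an added example that is not from any poster. The docroot `/var/www/html`, the sample `.htaccess` body apart from its `AuthUserFile` line, and the function names are assumptions.

```python
import posixpath
import shlex

DOCROOT = "/var/www/html"         # assumption: the thread shows only the AuthUserFile path
ALLOWED = {"martinman", "root"}   # the only accounts the poster wants admitted

# Constructed sample: only the AuthUserFile line comes from the thread.
SAMPLE_HTACCESS = """\
AuthType Basic
AuthName "phpMyAdmin"
AuthUserFile /var/www/html/phpMyAdmin-2.5.0-rc1/.htpasswd
Require valid-user
"""

def parse_directives(text):
    """Return {directive_lowercase: [argument lists]} for a .htaccess body."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = shlex.split(line)
        found.setdefault(name.lower(), []).append(args)
    return found

def inside(path, root):
    """True if path resolves to root or below it (handles ../ segments)."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit(text, docroot=DOCROOT, allowed=ALLOWED):
    """Return a list of finding codes for one .htaccess body."""
    d = parse_directives(text)
    findings = []
    for args in d.get("authuserfile", []):
        if args and inside(args[0], docroot):
            findings.append("password-file-in-docroot")
    requires = d.get("require", [])
    if not requires:
        findings.append("no-require-directive")
    for args in requires:
        kind = args[0].lower() if args else ""
        if kind == "valid-user":
            findings.append("any-htpasswd-user-admitted")
        elif kind == "user" and set(args[1:]) - allowed:
            findings.append("unexpected-user-listed")
    return findings
```

This inspects only the Apache directives; it says nothing about accounts defined in MySQL itself.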
Your base PHP configuration should of course ALSO be secure, like with basepath, safe_mode, etc. enabled and properly configured!
Erm, could you guys walk me through as to where my Apache log is, and how to enable PHP safe mode?
The easiest way to find your Apache logs is to read your own http.conf, or check the default log dir locations.