LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-01-2003, 07:22 PM   #1
martinman
Member
 
Registered: Apr 2003
Distribution: Gentoo 1.4
Posts: 290

Rep: Reputation: 30
Securing phpMyAdmin


Hey all, just installed phpMyAdmin 2.5.1rc1, and it's great

however, i have some security issues:
in my config file, i have my auth_type set to http, so my .htaccess file can handle it.

if i go to http://localhost/phpMyAdminfolder/ I get a login prompt, which is good. I can login with root or martinman with passwords, which works fine.

however! i can also login with ANY username (even asldfalt) and NO password, even though i can't even see any databases.

I want it to be so that the ONLY accounts that can get in are martinman and root

here's my .htaccess file:
Code:
AuthUserFile /var/www/html/phpMyAdmin-2.5.0-rc1/.htpasswd
                                                                                                                                             
AuthGroupFile /dev/null
                                                                                                                                             
AuthName phpMyAdmin
                                                                                                                                             
AuthType Basic
                                                                                                                                             
<Limit GET>
                                                                                                                                             
require martinman
require root
                                                                                                                                             
</Limit>
and my .htpasswd file:
Code:
martinman:encrypted stuff
root:encrypted stuff
any help ASAP would be great
 
Old 06-02-2003, 11:34 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,457
Blog Entries: 54

Rep: Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897
What does the apache log and errorlog say?
Could you post the complete config for the dir you're trying to passwd (starting and ending with the "directory" tag)? Btw, it would be more secure if you placed the passwd file outside of the docroot no user except Apache's need reading it.
 
Old 06-02-2003, 12:13 PM   #3
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
your base php configuration should of course ALSO be secure. like with basepath, safe_mode, etc enabled and properly configured!
 
Old 06-02-2003, 02:09 PM   #4
martinman
Member
 
Registered: Apr 2003
Distribution: Gentoo 1.4
Posts: 290

Original Poster
Rep: Reputation: 30
erm, could you guys walk me through as where my apache log is, and how to enable php safe mode?
 
Old 06-02-2003, 04:23 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,457
Blog Entries: 54

Rep: Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897
The easiest way to find your Apache logs is to read your own http.conf, or check the default log dir locations.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
something better than phpmyadmin? Andrus Linux - Software 0 10-14-2005 06:57 PM
phpmyadmin help dickohead Programming 2 05-01-2005 03:29 AM
phpMyadmin riluve Linux - Software 4 02-13-2005 05:04 PM
phpmyadmin? gruessle Linux - Newbie 4 01-09-2004 12:09 AM
phpmyadmin seanlinux Linux - Software 1 12-06-2003 04:17 PM


All times are GMT -5. The time now is 08:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration