What technique do you folks use to keep your passwords and user names out of
the phpMyAdmin config.inc file.
Thanks,
Al 4 5608
> What technique do you folks use to keep your passwords and user names out
of the phpMyAdmin config.inc file.
use the http auth which is included?!
yours, dreamguard.
--
"Ich bin Vegetarier und Antialkoholiker ,
weil ich so besseren Gebrauch von meinem
Gehirn machen kann!"
--
Author: Thomas A. Edison (1847 - 1931)
In article <3f************ ***********@new sreader01.highw ay.telekom.at>,
"Wolfgang 'Dreamguard' Nagele" <dr********@dre amguard.at> wrote: What technique do you folks use to keep your passwords and user names out of the phpMyAdmin config.inc file. use the http auth which is included?!
But http auth sends your username and password in the clear over the
network.
I use 'config' authentication without the password in the config.inc.php
like this:
I put a file (say, 'worteltje_bove n.inc.php') which contains my password
outside the document root somewhere. I define my password in that file:
define('WORTELT JE_BOVEN', 'secret_passwor d');
I then 'require' that file at the top of the config.inc.php:
require('/path/to/worteltje_boven .inc.php');
And then I do this:
$cfg['Servers'][$i]['password'] = WORTELTJE_BOVEN ;
JP
--
Sorry, <de*****@cauce. org> is een "spam trap".
E-mail adres is <jpk"at"akamail .com>, waarbij "at" = @.
Jan Pieter Kunst wrote: In article <3f************ ***********@new sreader01.highw ay.telekom.at>, "Wolfgang 'Dreamguard' Nagele" <dr********@dre amguard.at> wrote:
> What technique do you folks use to keep your passwords and user names out of > the phpMyAdmin config.inc file. use the http auth which is included?!
But http auth sends your username and password in the clear over the network.
I use 'config' authentication without the password in the config.inc.php like this:
I put a file (say, 'worteltje_bove n.inc.php') which contains my password outside the document root somewhere. I define my password in that file:
define('WORTELT JE_BOVEN', 'secret_passwor d');
I then 'require' that file at the top of the config.inc.php:
require('/path/to/worteltje_boven .inc.php');
And then I do this:
$cfg['Servers'][$i]['password'] = WORTELTJE_BOVEN ;
JP
Yes, this looks good. Why do you use a CONSTANT instead of plain old
variable? Are they somehow more secure?
Here is something that I do for my own apps. I have a file like you have. But
instead of the the real password run it through an encryptor that I have and
end up with something like $mypass="wouydo s8737sl72lsh;al s8".
I then "include" the file with these encrypted variables and run them through
the decrypt routine (a rather short PHP class) and plug that result into
session variables.
What I could do for myphpadmin config is something similar. I just thought
there might be an easier way.
In article <Bv************ ***@newsread3.n ews.pas.earthli nk.net>,
"Adams-Blake Co." <at************ @adams.takeme.o ut.-blake.com> wrote: Yes, this looks good. Why do you use a CONSTANT instead of plain old variable? Are they somehow more secure?
There is no particular reason I used a constant instead of a variable in
this case. Now that I think of it, constants may be more secure than
variables in the sense that they can't be redefined during execution of
the script, so there is no way that someone can maliciously change their
values to something evil. But I don't think that applies to this
phpmyadmin setup. (A changed value for the mysql password would simply
not work.)
JP
--
Sorry, <de*****@cauce. org> is een "spam trap".
E-mail adres is <jpk"at"akamail .com>, waarbij "at" = @. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: SCS |
last post by:
Running PHP 4.5.7
PHPMyAdmin 2.5.7-pl1
IIS 6
I am thrying to get phpmyadmin to work, but whenever I click a link or try
to browse a database I get a 404 error, because the PmaAbsoluteUri
auto-detection is nor working properly.
Im pretty sure it is a problem with my php.ini file, but Im not sure where
to look... can someone please help
|
by: mojo jojo |
last post by:
This may really be a phpMyAdmin problem, I think - but keen to hear your
thoughts. Any help appreciated.
Using phpMyAdmin to export an entire database works fine - I get a
mydatabase.sql file.
Restoring (using phpMyAdmin) usually work fine. However, if any of the data
in any of the fields contains the '#' character, it bombs out citing a
syntax error. I have tried escaping the character with '\' to no avail -
still gives syntax errors.
|
by: Christoph Zeltner |
last post by:
hi,
i am writing a thesis on the concurrency control in db2 udb and oracle. I
found in the documentary of db2, that
a resource holding a (U)pdate-Lock can still be requested by a read-lock
(e.g. S). If the U-Lock wants to convert to a write-lock, does the
transaction have to wait for the transaction with the S-lock to finish ? Can
it starve ? Is this the symmetric RUX-Protocoll ? Questions, so many
questions ...
|
by: charlies224 |
last post by:
Hi,
I am writting a software that requires me to make sure the Num Lock is
always on and Caps Lock is always off.
First, I know how to detect if Num Lock or Caps Lock is on or off (if
someone is interested, let me know and I will send you the codes). Once
we know if the stat of Num Lock/ Caps Lock is not what we desired, we
just send the Num Lock / Caps Lock key to change the stat. From most of
|
by: Marcus |
last post by:
Hello,
I am having a problem with a query in phpMyAdmin... it works fine on my
localhost, but the exact same query produces an error in phpMyAdmin on
my server:
localhost: PHP 4.3.11, MySQL 4.1.12, phpMyAdmin 2.8.1
server: PHP 4.3.11, MySQL 4.1.12, phpMyAdmin 2.6.3-pl1
SELECT AES_DECRYPT(pass, 'asdf') FROM `test`
| |
by: Victor |
last post by:
Could anybody kindly point me to a clue in the following enigma :
I have phpMyAdmin - 2.8.2.4 and MySQL - 4.1.13-nt. In the phpMyAdmin
opened in any browser I am able to enter and store Russian characters
in the DB; I cal also call the data back to display them in the
phpMyAdmin.
When I try to do the same from my own page, only some garbage with
double as many characters as an original word gets stored in the DB (at
least I see it...
|
by: Jonathan Sachs |
last post by:
I just tried to install phpMyAdmin on my system, and I can't get it to
work. When I tried to run the setup procedure (setup.php) I got the
following message:
Fatal error: session_start() : Failed to
initialize storage module: user (path: C:\...\Temp\php\session) in
D\...\phpMyAdmin\libraries\session.inc.php on line 86
I set up the config file by hand, then tried to run phpMyAdmin and got
the same error.
|
by: Marco |
last post by:
Hi all,
with db2 snapshot I know the lock waits number but I can not see the
tables with locks an I can not see queries that produces locks.
How can I know those details?
Thanks
Marco Strullato
|
by: seanh |
last post by:
Hi all,
I need some advice regarding phpmyadmin, I installed phpmyadmin directory in the htdocs but when I go to my http://mysite.com/phpmyadmin I get a 500 internal error. I checked the files from phpMyAdmin-3.1.3.2-english that I unziped on my desktop and compared each one to the ftp phpmyadmin directory files on the server so all files are all there. I also added config.inc.php file and put it inside phpmyadmin directory. I was wondering...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |