
How do you lock down phpMyAdmin?

What technique do you folks use to keep your passwords and user names out of
the phpMyAdmin config.inc file.

Thanks,

Al
Jul 17 '05 #1


> What technique do you folks use to keep your passwords and user names out
> of the phpMyAdmin config.inc file.

use the http auth which is included?!

yours, dreamguard.

--
"I am a vegetarian and a teetotaler,
because that way I can make better use
of my brain!"
--
Author: Thomas A. Edison (1847 - 1931)
Jul 17 '05 #2

In article <3f***********************@newsreader01.highway.telekom.at>,
"Wolfgang 'Dreamguard' Nagele" <dr********@dreamguard.at> wrote:
> > What technique do you folks use to keep your passwords and user names out
> > of the phpMyAdmin config.inc file.
>
> use the http auth which is included?!


But http auth sends your username and password in the clear over the
network.

I use 'config' authentication without the password in the config.inc.php
like this:

I put a file (say, 'worteltje_boven.inc.php') which contains my password
outside the document root somewhere. I define my password in that file:

define('WORTELTJE_BOVEN', 'secret_password');

I then 'require' that file at the top of the config.inc.php:

require('/path/to/worteltje_boven.inc.php');

And then I do this:

$cfg['Servers'][$i]['password'] = WORTELTJE_BOVEN;

JP

--
Sorry, <de*****@cauce.org> is a "spam trap".
E-mail address is <jpk"at"akamail.com>, where "at" = @.
Jul 17 '05 #3
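
A stricter variant of the include-file approach described in the post above, as an added example that is not part of the thread. The helper name load_db_password() is hypothetical, the demo files are constructed in a temp directory, and the permission check assumes a POSIX host.

```php
<?php
// Added example, not code from the thread. load_db_password() is a hypothetical
// helper; it assumes a POSIX host and the WORTELTJE_BOVEN constant from the post.

function load_db_password(string $secretFile, string $docRoot): string
{
    $real = realpath($secretFile);
    $root = realpath($docRoot);
    if ($real === false || $root === false || !is_file($real)) {
        throw new RuntimeException('secret file or document root not found');
    }
    // A file under the document root can be requested over HTTP; if PHP
    // handling ever breaks, the web server would hand out its source.
    if (strpos($real, rtrim($root, '/') . '/') === 0) {
        throw new RuntimeException('secret file is inside the document root');
    }
    // Refuse a file that any local account can read or modify.
    if ((fileperms($real) & 0007) !== 0) {
        throw new RuntimeException('secret file is accessible to "other"');
    }
    require_once $real;
    if (!defined('WORTELTJE_BOVEN') || WORTELTJE_BOVEN === '') {
        throw new RuntimeException('secret file did not define WORTELTJE_BOVEN');
    }
    return WORTELTJE_BOVEN;
}

// Constructed demo layout in a temp directory: a document root plus one
// secret file outside it and one (wrongly) inside it.
$base = sys_get_temp_dir() . '/pma_demo_' . getmypid();
mkdir("$base/htdocs", 0750, true);
$secret = "<?php define('WORTELTJE_BOVEN', 'secret_password');\n";
foreach (["$base/worteltje_boven.inc.php", "$base/htdocs/worteltje_boven.inc.php"] as $f) {
    file_put_contents($f, $secret);
    chmod($f, 0640);
}

// In config.inc.php the result would be assigned to
// $cfg['Servers'][$i]['password'], with $_SERVER['DOCUMENT_ROOT'] as the root.
echo load_db_password("$base/worteltje_boven.inc.php", "$base/htdocs"), "\n";

try {
    load_db_password("$base/htdocs/worteltje_boven.inc.php", "$base/htdocs");
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```

Mode 0640 with the web server's group as group owner lets PHP read the file while keeping it away from other local accounts.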

Jan Pieter Kunst wrote:
> In article <3f***********************@newsreader01.highway.telekom.at>,
> "Wolfgang 'Dreamguard' Nagele" <dr********@dreamguard.at> wrote:
> > > What technique do you folks use to keep your passwords and user names out
> > > of the phpMyAdmin config.inc file.
> >
> > use the http auth which is included?!
>
> But http auth sends your username and password in the clear over the
> network.
>
> I use 'config' authentication without the password in the config.inc.php
> like this:
>
> I put a file (say, 'worteltje_boven.inc.php') which contains my password
> outside the document root somewhere. I define my password in that file:
>
> define('WORTELTJE_BOVEN', 'secret_password');
>
> I then 'require' that file at the top of the config.inc.php:
>
> require('/path/to/worteltje_boven.inc.php');
>
> And then I do this:
>
> $cfg['Servers'][$i]['password'] = WORTELTJE_BOVEN;
>
> JP


Yes, this looks good. Why do you use a CONSTANT instead of a plain old
variable? Are they somehow more secure?

Here is something that I do for my own apps. I have a file like you have. But
instead of the real password, I run it through an encryptor that I have and
end up with something like $mypass="wouydos8737sl72lsh;als8".

I then "include" the file with these encrypted variables and run them through
the decrypt routine (a rather short PHP class) and plug that result into
session variables.

What I could do for the phpMyAdmin config is something similar. I just thought
there might be an easier way.
Jul 17 '05 #4

In article <Bv***************@newsread3.news.pas.earthlink.net>,
"Adams-Blake Co." <at************@adams.takeme.out.-blake.com> wrote:
> Yes, this looks good. Why do you use a CONSTANT instead of plain old
> variable? Are they somehow more secure?


There is no particular reason I used a constant instead of a variable in
this case. Now that I think of it, constants may be more secure than
variables in the sense that they can't be redefined during execution of
the script, so there is no way that someone can maliciously change their
values to something evil. But I don't think that applies to this
phpMyAdmin setup. (A changed value for the mysql password would simply
not work.)

JP

--
Sorry, <de*****@cauce.org> is a "spam trap".
E-mail address is <jpk"at"akamail.com>, where "at" = @.
Jul 17 '05 #5
