Angel -
Joined: 17 Nov 2003 Posts: 157 Location: Everett, Washington
|
Posted: Tue Oct 19, 2004 11:50 am Post subject: Setting Up A Log in Screen For PhpMyadmin |
|
|
Here's some added security I found out about somewhere (I dont quite recall where or what site) to ward of those hackers.
Quote: |
PhpMyAdmin supports two types of Authentication cookie based and HTTP-based.
to use Either way you need to first create a MySql user with restricted permissions.
You wont be using this account to log in anywhere it is simply and account that
PhpMyAdmin uses to check Authentication.
Create A Restricted User
You can Create the User by using the following Query on PhpMyAdmin in this example the
user name and Password are SECURE. you should change this for security purposes.
GRANT USAGE ON mysql.* TO SECURE@localhost IDENTIFIED BY "SECURE";
GRANT SELECT (
Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
Execute_priv, Repl_slave_priv, Repl_client_priv
) ON mysql.user TO SECURE@localhost;
GRANT SELECT ON mysql.db TO SECURE@localhost;
GRANT SELECT ON mysql.host TO SECURE@localhost;
GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv)
ON mysql.tables_priv TO SECURE@localhost;
Doing this creates a user that can use and perform SELECT queries on all the tables
in the MySql database.
Decide which type of authentication you would like to use.
And follow the instructions Accordingly.
COOKIE AUTHENTICATION INSTRUCTIONS
Next you'll need to configure your config.inc.php file. Find the
controluser
&
controlpass
variables located in the file and edit them to resemble the example below.
$cfg['blowfish_secret'] = 'FISHY';
$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname
$cfg['Servers'][$i]['port'] = ''; // MySQL port - leave blank for default port
$cfg['Servers'][$i]['socket'] = ''; // Path to the socket - leave blank for default socket
$cfg['Servers'][$i]['auth_type'] = 'cookie'; // Authentication method
$cfg['Servers'][$i]['user'] = ''; // MySQL user
$cfg['Servers'][$i]['password'] = ''; // MySQL password
$cfg['Servers'][$i]['controluser'] = 'SECURE'; // MySQL control user settings
$cfg['Servers'][$i]['controlpass'] = 'SECURE';// access to the grant tables
Remember to remover your old user name and password as I have in the example. Also
the variable $cfg['blowfish_secret'] can be anything you would like it to be. and cookie
should have replace the word config.
Now go and log into your PhpMyAdmin using YOUR name and password not the one we created
but the one you normally use.
HTTP AUTHENTICATION INSTRUCTIONS
Configure your config.inc.php file. Find the
controluser
&
controlpass
variables located in the file and edit them to resemble the example below.
$cfg['blowfish_secret'] = 'FISHY';
$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname
$cfg['Servers'][$i]['port'] = ''; // MySQL port - leave blank for default port
$cfg['Servers'][$i]['socket'] = ''; // Path to the socket - leave blank for default socket
$cfg['Servers'][$i]['auth_type'] = 'HTTP'; // Authentication method
$cfg['Servers'][$i]['user'] = ''; // MySQL user
$cfg['Servers'][$i]['password'] = ''; // MySQL password
$cfg['Servers'][$i]['controluser'] = 'SECURE'; // MySQL control user settings
$cfg['Servers'][$i]['controlpass'] = 'SECURE';// access to the grant tables
Remember to remover your old user name and password as I have in the example. Also
the variable $cfg['blowfish_secret'] can be anything you would like it to be. and cookie
should have replace the word config.
Now go and log into your PhpMyAdmin using YOUR name and password not the one we created
but the one you normally use. |
Hope this helps..... :) _________________ Noize Pollution | Angel's Online | Free Net Builders | Pagan Portal |
|