?
Solved

phpmyadmin, locking down

Posted on 2004-11-04
8
Medium Priority
?
266 Views
Last Modified: 2010-04-20
right now, I go to www.mysite.com/mysqladmin/index.php and I have full permission to do anything I want.  How do I make it prompt for login?
0
Comment
Question by:wirthr
8 Comments
 
LVL 9

Expert Comment

by:e-tsik
ID: 12501435
Hi :->

Put the following file in the folder to which you have installed phpmyadmin (for Redhat/Fedora Code it should be '/var/www/html/mysqladmin')

/var/www/html/mysqladmin/.htaccess:
==========================================
AuthUserFile IUauth                                                            
AuthGroupFile /dev/null                                                        
AuthType Basic                                                                  
AuthName "IU Network ID"                                                        
                                                                               
                                                               
require user myaccount
==========================================
Replace myaccount with the user you would like to be able to login.
e.g.
require user john

Enjoy!
0
 
LVL 26

Expert Comment

by:Umesh
ID: 12502020
Hi,

Also you can try this..edit config.inc.php & look for the below line & put authentication method to http

$cfg['Servers'][$i]['auth_type']     = 'http';    // Authentication method (config, http or cookie based)?


This will validate againt the table user (database mysql) also this would lists only those databases on which this user have privileges..

0
 
LVL 2

Expert Comment

by:deurk
ID: 12502375
If you just installed MySQL and PhpMyAdmin, first make sure your MySQL root user has a password set.
(http://dev.mysql.com/doc/mysql/en/Post-installation.html)

When it does, you should be prompt for a user/password when connecting to PhpMyAdmin without changing anything on the web serevr (setting up .htaccess or anything else).

Make sure to reload your MySQL server too.

If it still doesn't work, check config.inc.php in PhpMyAdmin directory and look at the following lines:
$cfg['Servers'][$i]['auth_type']     = 'config';    // Authentication method (config, http or cookie based)?
$cfg['Servers'][$i]['user']          = 'root';      // MySQL user
$cfg['Servers'][$i]['password']      = 'your-password-here';          // MySQL password (only needed with 'config' auth_type)

Set those like this and you'll be able to log in (without a change in configs any more) with any created MySQL user and be able to access databases according to the rights defined in MySQL. (Meaning you could create a test user who would only be able to play with a test database by logging into PhpMyAdmin without being able to see or modify any other database, what wouldn't be permitted with the .htaccess mentionned above that would just restrict access to the web page of PhpMyAdmin).

Hope this helps.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 6

Author Comment

by:wirthr
ID: 12506153
deurk, I have everything set that way, but when I go to my site, it automatically logs in root user
0
 
LVL 6

Author Comment

by:wirthr
ID: 12506182
ushastry, same thing when I change it to http, it logs in as root
0
 
LVL 2

Accepted Solution

by:
deurk earned 2000 total points
ID: 12506263
Are you sure you didn't check a remember password box, or have a cookie set for a certain time that allows you not to have to relog?

Do you have a pasword set for your MySQL Server?
(Try mysql -u root and mysql -u root -p to check)

If you DO have a password set for root, then remove the password from the config file of phpmyadmin ans use http (I made a mistake), this should do it:
$cfg['Servers'][$i]['auth_type']     = 'http';      // Authentication method (config, http or cookie based)?
$cfg['Servers'][$i]['user']          = 'root';      // MySQL user
$cfg['Servers'][$i]['password']      = '';          // MySQL password (only needed

Try it and tell me :)
0
 
LVL 6

Author Comment

by:wirthr
ID: 12506338
yep, that worked.  So now, if I create users in mysqladmin, they would be able to log in? Thanks for your help.
0
 
LVL 2

Expert Comment

by:deurk
ID: 12506437
Yes they will with only their proper tights ^^

Glad it helped :)
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Cron is one of the most popular and basic utilities found on Unix systems. Combined with other tools, cron makes it exceptionally easy to automate a broad range of tasks on your server.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month9 days, 1 hour left to enroll

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question