phpmyadmin, locking down

right now, I go to www.mysite.com/mysqladmin/index.php and I have full permission to do anything I want.  How do I make it prompt for login?
LVL 6
wirthrAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

e-tsikCommented:
Hi :->

Put the following file in the folder to which you have installed phpmyadmin (for Redhat/Fedora Code it should be '/var/www/html/mysqladmin')

/var/www/html/mysqladmin/.htaccess:
==========================================
AuthUserFile IUauth                                                            
AuthGroupFile /dev/null                                                        
AuthType Basic                                                                  
AuthName "IU Network ID"                                                        
                                                                               
                                                               
require user myaccount
==========================================
Replace myaccount with the user you would like to be able to login.
e.g.
require user john

Enjoy!
0
UmeshMySQL Principle Technical Support EngineerCommented:
Hi,

Also you can try this..edit config.inc.php & look for the below line & put authentication method to http

$cfg['Servers'][$i]['auth_type']     = 'http';    // Authentication method (config, http or cookie based)?


This will validate againt the table user (database mysql) also this would lists only those databases on which this user have privileges..

0
deurkCommented:
If you just installed MySQL and PhpMyAdmin, first make sure your MySQL root user has a password set.
(http://dev.mysql.com/doc/mysql/en/Post-installation.html)

When it does, you should be prompt for a user/password when connecting to PhpMyAdmin without changing anything on the web serevr (setting up .htaccess or anything else).

Make sure to reload your MySQL server too.

If it still doesn't work, check config.inc.php in PhpMyAdmin directory and look at the following lines:
$cfg['Servers'][$i]['auth_type']     = 'config';    // Authentication method (config, http or cookie based)?
$cfg['Servers'][$i]['user']          = 'root';      // MySQL user
$cfg['Servers'][$i]['password']      = 'your-password-here';          // MySQL password (only needed with 'config' auth_type)

Set those like this and you'll be able to log in (without a change in configs any more) with any created MySQL user and be able to access databases according to the rights defined in MySQL. (Meaning you could create a test user who would only be able to play with a test database by logging into PhpMyAdmin without being able to see or modify any other database, what wouldn't be permitted with the .htaccess mentionned above that would just restrict access to the web page of PhpMyAdmin).

Hope this helps.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

wirthrAuthor Commented:
deurk, I have everything set that way, but when I go to my site, it automatically logs in root user
0
wirthrAuthor Commented:
ushastry, same thing when I change it to http, it logs in as root
0
deurkCommented:
Are you sure you didn't check a remember password box, or have a cookie set for a certain time that allows you not to have to relog?

Do you have a pasword set for your MySQL Server?
(Try mysql -u root and mysql -u root -p to check)

If you DO have a password set for root, then remove the password from the config file of phpmyadmin ans use http (I made a mistake), this should do it:
$cfg['Servers'][$i]['auth_type']     = 'http';      // Authentication method (config, http or cookie based)?
$cfg['Servers'][$i]['user']          = 'root';      // MySQL user
$cfg['Servers'][$i]['password']      = '';          // MySQL password (only needed

Try it and tell me :)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wirthrAuthor Commented:
yep, that worked.  So now, if I create users in mysqladmin, they would be able to log in? Thanks for your help.
0
deurkCommented:
Yes they will with only their proper tights ^^

Glad it helped :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.