Securing phpMyAdmin

Security can be examined at the following various levels:

  • How we can protect the phpMyAdmin installation directory
  • Which workstations can access phpMyAdmin
  • The databases that a legitimate user can see

Protecting phpMyAdmin at directory level

Suppose an unauthorized person is trying to use our copy of phpMyAdmin. If we use the simple config authentication type, anyone knowing the URL of our phpMyAdmin will have the same effective rights to our data as we do. In this case, we should use the directory protection mechanism offered by our web server (for example, .htaccess, a file name with a leading dot) to add a level of protection. More details are available at http://en.wikipedia.org/wiki/Basic_access_authentication.

If we decide ...

Get Mastering phpMyAdmin 3.4 for Effective MySQL Management now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.