Securing phpMyAdmin

Security can be examined at the following various levels:

  • How we can protect the phpMyAdmin installation directory
  • Which workstations can access phpMyAdmin
  • The databases that a legitimate user can see

Protecting phpMyAdmin at directory level

Suppose an unauthorized person is trying to use our copy of phpMyAdmin. If we use the simple config authentication type, anyone knowing the URL of our phpMyAdmin will have the same effective rights to our data as we do. In this case, we should use the directory protection mechanism offered by our web server (for example, .htaccess, a file name with a leading dot) to add a level of protection. More details are available at http://en.wikipedia.org/wiki/Basic_access_authentication.

If we decide ...

Get Mastering phpMyAdmin 3.4 for Effective MySQL Management now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.