[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: phpMyAdmin configuration [was: [cobalt-users] Re: cobalt-users digest...]
- Subject: Re: phpMyAdmin configuration [was: [cobalt-users] Re: cobalt-users digest...]
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Thu Oct 25 08:30:48 2001
- Organization: Befriend Internet Services LLC
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Marco Baurdoux" <linux@xxxxxxxxxxxxx> wrote:
> Still easy but not like that if you do professional hosting and are aiming
> customer privacy. In that case download phpMyAdmin, install edit
> config.inc.php3, and use these couple of lines:
>
>
> $cfgServers[1]['adv_auth'] = true; // Use advanced
> authentication?
> $cfgServers[1]['stduser'] = 'mysqladmin'; // MySQL standard
user
> (only needed with advanced auth)
> $cfgServers[1]['stdpass'] = 'adminmysql'; // MySQL standard
> password (only needed with advanced auth)
>
>
> If your database setting are correct now you will be able provide secure
> MySQL/phpMyAdmin to your customer.
Marco, you forgot to mention that the user "mysqladmin" shut be setup with
the least privileges necessary for phpMyAdmin to function. That means only
granting select privileges to that user and only to the "mysql" db. This is
important b/c config.inc.php (or config.inc.php3 depending on your file
extensions) must be world-readable for phpMyAdmin to access it which means
that without obfuscation it could be very easy for someone to read that
file, whether they have shell access or not.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/