[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: phpMyAdmin configuration [was: [cobalt-users] Re: cobalt-users digest...]
- Subject: Re: phpMyAdmin configuration [was: [cobalt-users] Re: cobalt-users digest...]
- From: Marco Baurdoux <linux@xxxxxxxxxxxxx>
- Date: Thu Oct 25 12:18:00 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
le 25.10.2001 17:01, Steve Werby à steve-lists@xxxxxxxxxxxx a écrit :
> "Marco Baurdoux" <linux@xxxxxxxxxxxxx> wrote:
>> Still easy but not like that if you do professional hosting and are aiming
>> customer privacy. In that case download phpMyAdmin, install edit
>> config.inc.php3, and use these couple of lines:
>>
>>
>> $cfgServers[1]['adv_auth'] = true; // Use advanced
>> authentication?
>> $cfgServers[1]['stduser'] = 'mysqladmin'; // MySQL standard
> user
>> (only needed with advanced auth)
>> $cfgServers[1]['stdpass'] = 'adminmysql'; // MySQL standard
>> password (only needed with advanced auth)
>>
>>
>> If your database setting are correct now you will be able provide secure
>> MySQL/phpMyAdmin to your customer.
>
> Marco, you forgot to mention that the user "mysqladmin" shut be setup with
> the least privileges necessary for phpMyAdmin to function. That means only
> granting select privileges to that user and only to the "mysql" db. This is
> important b/c config.inc.php (or config.inc.php3 depending on your file
> extensions) must be world-readable for phpMyAdmin to access it which means
> that without obfuscation it could be very easy for someone to read that
> file, whether they have shell access or not.
>
Yep forgot to copy a couple of sentences from the phpwizard website :-))