Logging out
A mechanism is available to tell phpMyAdmin which URL it should reach after a
user has logged out. This feature eases integration with other applications and works
for all authentication types that permit logging out. Here is an example:
$cfg['Servers'][$i]['LogoutURL'] = 'http://www.mydomain.com';
This directive must contain an absolute URL, including the protocol.
Securing phpMyAdmin
Security can be examined at the following levels:
• How we can protect the phpMyAdmin installation directory
• Which workstations can access phpMyAdmin
• The databases that a legitimate user can see
Protecting phpMyAdmin at directory level
Suppose an unauthorized person is trying to use our copy of phpMyAdmin. If
we use the simple config authentication type, anyone knowing the URL of our
phpMyAdmin will have the same effective rights to our data as we do. In this case,
we should use the directory protection mechanism offered by our web server (for
example, .htaccess, a file name with a leading dot) to add a level of protection.
More details are available at http://en.wikipedia.org/wiki/Basic_access_authentication.
If we decide to use the http or cookie authentication types, our data will be safe
enough. However, we should take the normal precautions with our password (including
changing it periodically).
The directory where phpMyAdmin is installed contains sensitive data. Not only the
configuration file but also all scripts stored there must be protected from alteration.
We should ensure that apart from us, only the web server effective user has read
access to the files contained in this directory, and that only we can write to them.
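One way to check and apply the rule in the preceding paragraph, as an added example that is not from the original text. It assumes the files are owned by the administrator's account and carry the web server's group; the function names, the path and the www-data group in the usage comment are illustrative assumptions.

```shell
#!/bin/sh
# Added example: audit a phpMyAdmin directory so that only its owner can
# write, only the web server's group can read, and nobody else has access.
# Assumed model (not from the original text): owner = administrator account,
# group = web server's effective group, files 640, directories 750.

# Print every file or directory that breaks the rule: wrong owner, wrong
# group, group-writable, or any permission bit set for "other".
audit_pma_dir() {
    dir=$1 owner=$2 group=$3
    find "$dir" \( -type f -o -type d \) \
        \( ! -user "$owner" -o ! -group "$group" \
           -o -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of offending paths; 0 means the directory matches the rule.
count_violations() {
    audit_pma_dir "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Apply the rule. Ownership is left unchanged because changing it normally
# requires root; a wrong owner is still reported by audit_pma_dir.
harden_pma_dir() {
    dir=$1 group=$2
    chgrp -R "$group" "$dir"
    # Directories: rwx for the owner, r-x for the web server group.
    find "$dir" -type d -exec chmod 750 {} +
    # Files: rw- for the owner, r-- for the web server group.
    find "$dir" -type f -exec chmod 640 {} +
}

# Usage (path and group are assumptions, adjust to the local installation):
#   audit_pma_dir /var/www/phpmyadmin "$(id -un)" www-data
#   harden_pma_dir /var/www/phpmyadmin www-data
```

Symbolic links are skipped by the audit because their own mode bits are not meaningful; the files they point to are checked only if they also live under the directory.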
 