Authentication and Security
There are many ways of configuring authentication in phpMyAdmin—depending on
our goals, the presence of other applications, and the level of security we need. This
chapter explores the available possibilities.
MySQL authentication
When we type in a username and password, although it seems that we are
logging in to phpMyAdmin, we are not! The authentication system is a function
of the MySQL server. We are merely using phpMyAdmin (which is running on
the web server) as an interface that sends our username and password information
to the MySQL server. Strictly speaking, we do not log in to phpMyAdmin, but
through phpMyAdmin.
This is why, in user support forums about phpMyAdmin, people asking for help
with authentication are often referred back to their MySQL server's administrator:
a lost MySQL username or password is not really a phpMyAdmin problem.
This section explains the various authentication modes offered by phpMyAdmin.
Root user without password
In many cases, MySQL's default installation leaves a server open to intrusion
because it creates a MySQL account named root without a password. To counter
this problem, phpMyAdmin 3.1.0 introduced a server-specific configuration
parameter, $cfg['Servers'][$i]['AllowNoPasswordRoot'], which is false by
default. Generally, this directive should remain false to prevent this kind of access via
phpMyAdmin, as hackers are actively probing the web for insecure MySQL servers.
See the Security section for other ideas about protecting your server.
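The following audit script is an added example, not code from phpMyAdmin or from the original text. It walks a $cfg['Servers'] array and reports every server entry that would let a password-less root account in through phpMyAdmin. The host names, the sample configuration and the auditServers() helper are constructed for illustration; only the configuration keys are phpMyAdmin's own.

```php
<?php
// Added example: audit a phpMyAdmin $cfg['Servers'] array for settings that
// permit a password-less MySQL root login through phpMyAdmin.

// Constructed sample configuration (in practice: include 'config.inc.php';).
$cfg = ['Servers' => []];
$i = 0;

$i++; // server 1: directive not set, so it stays at its default (false)
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['auth_type'] = 'cookie';

$i++; // server 2: directive explicitly enabled
$cfg['Servers'][$i]['host'] = 'db.example.test';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPasswordRoot'] = true;

$i++; // server 3: root credentials stored in the file, with an empty password
$cfg['Servers'][$i]['host'] = 'legacy.example.test';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPasswordRoot'] = true;

// Hypothetical helper: returns one finding per risky setting.
// Only explicitly set keys are inspected; unset keys are not guessed at.
function auditServers(array $servers): array
{
    $findings = [];
    foreach ($servers as $index => $server) {
        $host = $server['host'] ?? '(unset)';
        // A missing AllowNoPasswordRoot means the default, which is false.
        if ($server['AllowNoPasswordRoot'] ?? false) {
            $findings[] = "server $index ($host): AllowNoPasswordRoot is enabled";
        }
        $storedEmptyRoot = ($server['auth_type'] ?? '') === 'config'
            && ($server['user'] ?? '') === 'root'
            && ($server['password'] ?? '') === '';
        if ($storedEmptyRoot) {
            $findings[] = "server $index ($host): root stored with an empty password";
        }
    }
    return $findings;
}

$findings = auditServers($cfg['Servers']);
foreach ($findings as $line) {
    echo $line, PHP_EOL;
}
exit($findings ? 1 : 0); // non-zero exit lets a deployment check fail on findings
```

Fixing the phpMyAdmin directive only closes this one path; the root account itself still needs a password set on the MySQL server.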