Database Reference
In-Depth Information
Error handling
Version 3.0 has introduced a new PHP error trapping behavior in phpMyAdmin,
based on PHP's custom error handler mechanism. One of the benefits of this error
handler is to avoid path disclosure, which is considered a security weakness. The
default settings related to this are:
$cfg['Error_Handler'] = array();
$cfg['Error_Handler']['display'] = false;
You should let the default value for display to be false, unless you are developing a
new phpMyAdmin feature and want to see all PHP errors and warnings.
IP-based access control
An additional level of protection can be added, this time verifying the Internet
Protocol ( IP ) address of the machine from which the request to use phpMyAdmin
is received.
To achieve this level of protection, we construct rules allowing or denying access,
and specify the order in which these rules will be applied.
Rules
The format of a rule is:
<'allow' | 'deny'> <username> [from] <source>
from being optional, here are some examples:
Rule
Description
allow Bob from
1.2.3.4
User Bob is allowed access from IP address
1.2.3.4 .
allow Bob from
1.2.3/24
User Bob is allowed from any address matching
the network 1.2.3
(this is CIDR IP matching).
User Alice cannot access when located on
network 4.5 .
deny Alice from
4.5/16
allow Melanie from
all
User Melanie can login from anywhere.
Search WWH ::




Custom Search