We can also indicate which database names must be hidden with the hide_db
parameter. It contains a regular expression
( http://en.wikipedia.org/wiki/Regular_expression ) representing what to exclude.
If we do not want users to see all databases whose names begin with 'secret',
we would use:
$cfg['Servers'][$i]['hide_db'] = '^secret';
These parameters apply to all users for this server-specific configuration.
These mechanisms do not replace the MySQL privilege system. Users'
rights on other databases still apply, but they cannot use phpMyAdmin's
left panel to navigate to their other databases or tables.
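To check what a hide_db value actually hides before deploying it, the following added example (not code from the book or from phpMyAdmin) runs several patterns over a constructed list of database names. The function name visible_databases and the sample names are hypothetical, and it assumes the value is applied as an unanchored, case-sensitive PCRE match against each name.

```php
<?php
// Added example, not phpMyAdmin's own code.
// Assumption: the hide_db value is matched against each database name as an
// unanchored, case-sensitive PCRE pattern (modelled here with preg_match).

function visible_databases(array $names, string $hideDb): array
{
    if ($hideDb === '') {
        return $names; // an empty setting hides nothing
    }
    $regex = '~' . $hideDb . '~'; // '~' delimiter chosen for this demo
    return array_values(array_filter(
        $names,
        // preg_match returns 1 on a match; 0 (no match) or false (bad
        // pattern) both leave the name visible, so a typo fails open.
        fn(string $db): bool => @preg_match($regex, $db) !== 1
    ));
}

// Constructed sample database names.
$databases = ['secret', 'secret_payroll', 'topsecret', 'Secret_hr', 'shop', 'wiki'];

$patterns = [
    '^secret'         => 'value from the text: names beginning with "secret"',
    'secret'          => 'no anchor: "topsecret" is hidden as well',
    '^secret$'        => 'both anchors: only the exact name "secret"',
    '^(secret|wiki)$' => 'alternation: an explicit list of exact names',
    '^(secret'        => 'invalid pattern: nothing is hidden',
];

foreach ($patterns as $pattern => $note) {
    printf(
        "%-17s %s\n    still listed: %s\n",
        $pattern,
        $note,
        implode(', ', visible_databases($databases, $pattern))
    );
}

// 'Secret_hr' stays listed under every pattern above because the match is
// case-sensitive. Hiding is cosmetic either way: access to a hidden database
// is still decided by the MySQL privileges granted to the account.
```

Run it with the PHP command-line interpreter (7.4 or later, for the arrow function) and compare the "still listed" lines against the databases that are meant to stay out of the left panel.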
Protecting in-transit data
HTTP is not inherently immune to network sniffing (grabbing sensitive data off the
wire). So, if we want to protect not only our username and password but all the data
that travels between our web server and browser, we have to use HTTPS.
To do so, assuming that our web server supports HTTPS, we just have to start
phpMyAdmin by putting https instead of http in the URL as follows:
https://www.mydomain.com/phpMyAdmin
If we are using PmaAbsoluteUri auto-detection:
$cfg['PmaAbsoluteUri'] = '';
phpMyAdmin will see that we are using HTTPS in the URL and react accordingly.
If not, we must put the https part in this parameter as follows:
$cfg['PmaAbsoluteUri'] = 'https://www.mydomain.com/phpMyAdmin';
Also, since phpMyAdmin 2.7.0, we can automatically switch users to an HTTPS
connection with this setting:
$cfg['ForceSSL'] = TRUE;
Swekey hardware authentication
Since version 3.1, support for the Swekey hardware authentication key has been
merged into cookie-based authentication in phpMyAdmin. Reference for this USB
key is available at http://phpmyadmin.net/auth_key. A Swekey can be used with
all compatible web applications to add a level of security, based on the possession
of this physical device. In the case of phpMyAdmin, it does not replace the normal
MySQL authentication.
 