HPE Community
Operating System - HP-UX
1752571 Members
5303 Online
108788 Solutions
New Discussion юеВ

Re: phpmyadmin hpux 11.11 & security

 
Jim Krol
Advisor

тАО05-21-2003 11:16 AM

тАО05-21-2003 11:16 AM

phpmyadmin hpux 11.11 & security

Has anyone got phpmyadmin to work in a secure multiuser environment? I have the HP version of apache 2.X which includes php support and I am using mysql 4.0.x. All works fine until I try to add security. I have tried http security and it keeps telling me "authorization failed". I have heard that there is a problem with the way passwords are encrypted. So the question remains, "has anyone successfully run phpmyadmin in a secure multiuser environment.

Thanks,
Jim Krol
james.krol@boeing.com
0 Kudos
Reply
2 REPLIES 2
Andrew Cowan
Honored Contributor

тАО05-21-2003 10:50 PM

тАО05-21-2003 10:50 PM

Re: phpmyadmin hpux 11.11 & security

Hi Jim,

I've done this on Windows and Linux. I think that the mistake you are making is that you have to change the "config.inc.php" file as follows:

$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['port'] = '';

$cfg['Servers'][$i]['controluser'] = '';
$cfg['Servers'][$i]['controlpass'] = 'passwd';
$cfg['Servers'][$i]['auth_type'] = 'config';

$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'passwd';

You obviously need to alter these values to suit your the users and passwords you have setup. It is a security issue that your password is stored here in "clear" so you should do the following:

1. Create a SQL user with no permissions other than those needed to access MySQL.
2. Protect this file and directory as much as possible.

If you want to make SQL even more secure it is possible to create a special DB user that does not need to have a password entered in this file. I can tell you how to do this, but its quite complicated, and I think you are best getting this working first.

Good luck,
Andrew
0 Kudos
Reply
Jim Krol
Advisor

тАО05-23-2003 08:25 AM

тАО05-23-2003 08:25 AM

Re: phpmyadmin hpux 11.11 & security

I have that method of security working fine. What I need to do is set up either http or cookie security for a multi user environment. Whenever I try to access with a user account I get access denied.

Jim Krol
james.krol@boeing.com



0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.