Suppose an unauthorized person is trying to execute our copy of phpMyAdmin. If we used the simple config authentication type, anyone knowing the URL of our phpMyAdmin will have the same effective rights on our data as us. In this case, we should use the directory-protection mechanism offered by our web server (for example, .htaccess, a file with a leading dot) to add a level of protection.

If we chose to use http or cookie authentication types, our data would be safe enough, but we should take the normal precautions with our password (including its periodic change).

The directory where phpMyAdmin is installed contains sensitive data. Not only the configuration file but also ultimately all scripts stored there must be protected from alteration. We should ensure that apart from us...