Security can be examined at various levels:
Directory-level protection for phpMyAdmin
IP-based access control
The databases that a legitimate user can see
In-transit data protection
Suppose an unauthorized person is trying to execute our copy of phpMyAdmin. If we use the simple config authentication type, anyone who knows the URL of our phpMyAdmin will have the same effective rights on our data as we do. In this case, we should use the directory-protection mechanism offered by our web server (for example, .htaccess, a file with a leading dot) to add a level of protection.
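The directory protection described above, combined with the IP-based level from the list, could look like this on Apache 2.4. This is an added example, not configuration from the original text; the password-file path, the user name adminuser and the address range are assumptions to replace with our own values.

```apache
# .htaccess placed in the phpMyAdmin directory (Apache 2.4 syntax).
# Requires "AllowOverride AuthConfig" (or All) for this directory in the
# server configuration; otherwise these directives are ignored or rejected.

# Directory-level protection: prompt for a web-server login before any
# phpMyAdmin script runs.
AuthType Basic
AuthName "Restricted: phpMyAdmin"
# Assumed path. Keep the password file outside the document root and
# create it with: htpasswd -c /etc/apache2/pma.htpasswd adminuser
AuthUserFile /etc/apache2/pma.htpasswd

# Both conditions must hold: a valid login AND an allowed client address.
# 192.0.2.0/24 is a documentation range used here as a placeholder.
<RequireAll>
    Require valid-user
    Require ip 192.0.2.0/24
</RequireAll>

# The configuration file is read by PHP from disk and never needs to be
# served over HTTP, so refuse direct requests for it.
<Files "config.inc.php">
    Require all denied
</Files>
```

Basic authentication sends the password merely base64-encoded, so this layer only holds up when the site is served over HTTPS, which is the in-transit level listed above.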
If we chose to use http or cookie authentication types, our data would be safe enough, but we should take the normal precautions with our password (including its periodic change).
The directory where phpMyAdmin is installed contains sensitive data. Not only the configuration file but also ultimately all scripts stored there must be protected from alteration. We should ensure that apart from us...