|
|
|
Secure phpMySQL with iTools 7 tutorial
phpMyAdmin is an application written in the PHP language that provides a web-based interface for the administration of mySQL databases.
A version of phpMyAdmin has been customized by Tenon to easily install and function in your iTools server. This version installs ready for you to enter a few lines of configuration information and then connect to your mySQL server on the same server.
When you access phpMyAdmin from iTools Administration Server the first time, you will be presented with these warning messages:
The $cfg['PmaAbsoluteUri'] directive MUST be set in your configuration file!
Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole.
Follow the steps below to configure a previously installed phpMyAdmin program for use with your database server on the MySQL database.
- Select mysql from (Database)... pull down menu.
- Select user table.
- Click Browse.
- Edit the entry for root user, with your host name attach to it.
- Select PASSWORD from the Function pull down menu for the Password
field.
- Input a password and click Go.
- Use Finder and locate /Library/Tenon/phpMyAdmin/config.inc.php
- Edit config.inc.php with a text editor.
- replace $cfg['PmaAbsoluteUri'] = ''; with your phpMyAdmin URL address.
- Scroll down to Server(s) configuration and edit: When you edit the file, take care that lines do not wrap to the next line as a result of your edits. If you notice that a line wraps as you are entering information, correct the line so that it does not wrap. Lines that wrap and are saved into the file are likely to cause the phpMyAdmin program to not run correctly when you request it from your web browser. The configuration file provides for the definition of the connections from which you can select from the opening page of the phpMyAdmin program. The example below shows the connections defined for 'root' user (fully privileged).
- Save the file, and visit phpMyAdmin URL again. Now the phpMyAdmin should be password protected.
/**
* Server(s) configuration
*/
$i = 0;
// The $cfg['Servers'] array starts with $cfg['Servers'][1]. Do not use
$cfg['Servers'][0].
// You can disable a server config entry by setting host to ''.
$i++;
$cfg['Servers'][$i]['host'] = 'your-hostname'; // MySQL hostname
$cfg['Servers'][$i]['port'] = ''; // MySQL port - leave blank for default port
$cfg['Servers'][$i]['socket'] = ''; // Path to the socket - leave blank for default socket
$cfg['Servers'][$i]['connect_type'] = 'tcp'; // How to connect to MySQL server ('tcp' or 'socket')
$cfg['Servers'][$i]['compress'] = FALSE; // Use compressed protocol for the MySQL connection
// (requires PHP >= 4.3.0)
$cfg['Servers'][$i]['controluser'] = ''; // MySQL control user settings
// (this user must have read-only
$cfg['Servers'][$i]['controlpass'] = ''; // access to the "mysql/user"
// and "mysql/db" tables)
$cfg['Servers'][$i]['auth_type'] = 'cookie'; // Authentication method (config, http or cookie based)?
| Tenon Home | Products | Order | Contact Us | About Tenon | Register | Tech Support | Resources | Press Room | Mailing Lists |
|
Copyright©2013 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara,
CA 93101. All rights reserved. |