![]() To learn how to further secure your interactions with the server by encrypting your communication with SSL, check out our article on setting up SSL certificates with phpMyAdmin. Using this interface, you can easily create databases, users, tables, etc., and perform the usual operations like deleting and modifying structures and data. You should now have phpMyAdmin configured and ready to use on your Ubuntu 14.04 server. This will add an additional layer of security since phpMyAdmin has suffered from vulnerabilities in the past. Now, when you access your phpMyAdmin subdirectory, you will be prompted for the additional account name and password that you just configured: domain_name_or_IP/phpmyadminĪfter entering the Apache authentication, you’ll be taken to the regular phpMyAdmin authentication page to enter your other credentials. If you want to enter an additional user, you need to do so without the -c flag, like this: sudo htpasswd /etc/phpmyadmin/.htpasswd additionaluser Afterwards, the file is created with the hashed password that you entered. You will be prompted to select and confirm a password for the user you are creating. Let’s create this file and pass it an initial user by typing: sudo htpasswd -c /etc/phpmyadmin/.htpasswd username The location that we selected for the password file was “ /etc/phpmyadmin/.htpasswd“. We can install it from our default repositories: sudo apt-get install apache2-utilsĪfterward, we will have the htpasswd utility available. We actually need an additional package to complete this process. htaccess file, we need to create this file. Now that we have specified a location for our password file through the use of the AuthUserFiledirective within our. When you are finished, save and close the file. This is what actually stops unauthorized users from entering. Require valid-user: This specifies that only authenticated users should be given access to this resource.This should be outside of the directories that are being served. AuthUserFile: This sets the location of the password file that will be used for authentication.You should keep this generic so that unauthorized users won’t gain any information about what is being protected. AuthName: This sets the message for the authentication dialog box.This type will implement password authentication using a password file. AuthType Basic: This line specifies the authentication type that we are implementing.Let’s go over what each of these lines mean: Within this file, we need to enter the following information: AuthType Basic We can create the necessary file and open it in our text editor with root privileges by typing: sudo nano /usr/share/phpmyadmin/.htaccess In order for this to be successful, the file must be created within the application directory. htaccess use for our application, we need to create one to actually implement some security. To implement the changes you made, restart Apache: sudo service apache2 restart When you have added this line, save and close the file. We need to add an AllowOverride All directive within the section of the configuration file, like this: ![]() We will edit the linked file that has been placed in our Apache configuration directory: sudo nano /etc/apache2/conf-available/nf htaccess file overrides by editing our Apache configuration file. htaccess Overridesįirst, we need to enable the use of. htaccess authentication and authorization functionalities. One of the easiest way of doing this is to place a gateway in front of the entire application. We need to secure the application to help prevent unauthorized use. ![]() Because of its ubiquity, phpMyAdmin is a popular target for attackers. We were able to get our phpMyAdmin interface up and running fairly easily. Step Two - Secure your phpMyAdmin Instance
0 Comments
Leave a Reply. |