phpMyAdmin htaccess Question

adavis

Can anyone tell me how to use htaccess to restrict access to http://www.mysite.org/phpMyAdmin/index.php. I want an alert box to pop up and ask for username/password when anyone tries to access this folder. Also, would this be the database username/password or can I set it to anything I would like? If so, How do I do that???

The site is on a UNIX server.

I need this explaination in plain simple terms that are easy for anyone to understand. Please don't assume that I know anything about how this works. If I understood how htaccess works, I wouldn't be asking this question.🙂

I'm not getting much help at http://sourceforge.net/. I posted this question 3 times over there and keep getting smart a** answers (like why don't you do "this" without telling me how to do "this") or answers with terms I don't understand.

I know you guys are more patient, understanding, and helpful anyway. 😃

floR

Make a file, called .htaccess in the directory that needs to be protected (phpMyAdmin):

AuthName "PHP MyAdmin"
AuthType Basic
AuthUserFile /usr/local/apache/phpmyadmin.htpasswd

require valid-user

Then, make a htpassword file like:

root@yourmachine> /usr/local/apache/bin/htpasswd -c /usr/local/apache/phpmyadmin.htpasswd yourname yourpassword

(this only works of course, when you are using apache and that directory structure 🙂)

You can set the username/password to anything you like. If you don't have access to the server to do this, check the provider's documentation.

adavis

When I connect using WS-FTP, here's what I see:

cgi-bin (cgi files in this folder)
htdocs (phpMyAdmin folder is in this foder)
hideit (database connection info is in this folder)

When I connect to the hideit folder which contains all the info I need to connet to my mySQL database, here's my path:

/usr/home/mysitename/public_html/hideit/hideit.inc

So..., I create a file called .htaccess in the phpMyAdmin folder. I think my path would be /usr/home/mysite/public_html/, so would the .htaccess file contain this:

AuthName "PHP MyAdmin"
AuthType Basic
AuthUserFile /usr/home/mysite/public_html/phpmyadmin.htpasswd

require valid-user

and the htpassword file look like this:

root@mymachine>/usr/home/mysite/cgi-bin/htpasswd -c /usr/home/mysite/phpmyadmin.htpasswd myusername mypassword

Where you have roo@mymachine, would that be localhost@mysitename ???

Thanks

floR

No. it's a Bad Thing to have the htpassword file under the documentroot, although it will work. That file will contain username(s) with encrypted password, so ideally it has to reside somewhere on the server where it will not be visible to the web.

The location of your .htaccess file, which tells the webserver which directory to protect, should be in the directory you want protected, so probably not public_html/.htaccess, but public_html/phpmyadmin/.htaccess

You can't just write a file phpmeadmin.htpasswd, but what I wrote was the command to create one.

'root@mymachine>' is the prompt of the unix shell when you telnet/ssh to it.

/usr/local/bin/htpasswd -c /somepathoutsidethewebfiles/phpmyadmin.htpasswd myusername mypassword
is the command you type to generate the htpasswd file.

/usr/local/bin is the directory (on some systems, for example linux) where the webserver executable files are stored, among which the 'htpasswd' script which generates htpasswd files.

The '-c /path/file' option tells the script to create a new htpasswd file.

The htpasswd examples I used are typical for Apache 1.3.x.

adavis

I've just emailed my sysadmin to help me figure this thing out. Hopefully he'll be able to tell me the best way to protect this folder and how to do it. I just don't want to mess anything up and it sounds like playing around with .htaccess when you don't know what you're doing could be really dangerous.

adavis

I think I understand what I'm supposed to do now, BUT, I can't figure out HOW to do it because I can't telnet in. I can only get into my site through WS-FTP or similar tool, so I can't enter stuff from the command line. When I try to telnet in, I get a message saying that the Target Machine Actively refused connection.

Any suggestions from here?

trooper

Adavis

Look at the config file that comes with PHPMyAdmin. (think its called Config.inc.php)

It has a good comments in it, in there you can set the security method used. In version 2.0.3rc4 this is stored in the line

$cfg['Servers'][$i]['auth_type'] ='http'

That will then bring up the challenge / response box you are after

HTH

nexgen_x

I'm having the same problem, and need to use a .htaccess file for security, but am using a remote server so I can't type in commands like root@mymachine

can anyone help?

adavis

I finally got mine to work, but it's been a few months, and honestly I can't remeber what happened. I think I talked to tech support and they walked me through the process or changed some premissions for me. Sorry I couldn't be more help.

nexgen_x

bump

im fine with doing the .htaccess file, what i cant figure out is how to do:

root@yourmachine> /usr/local/apache/bin/htpasswd -c /usr/local/apache/phpmyadmin.htpasswd yourname yourpassword

from my own PC