Howto Secure PhpMyAdmin?

Tracer

I have a RH Linux box ona dedicated IP serving out MySQL, SSH, and HTTPS (Via apache).

I have PhpMyAdmin installed....And am currently using a .htacess file in the phpmyadmin dir...Is there a more foolproof way to secure access to phpmyadmin?

Should I use .htdigest instead?

Any comments would be greatly appreciated...The info on this server is healthcare related and with the new HIPAA laws needs to be secured as much as possible.

(No I can't just disconnet the ethernet cable and bury the box in a cement bunker 🙂 )

Mordecai

First off, change the directory name. I suggest coming up with a fairly long (25 letters or so) directory name. Inside, put the .htaccess. This way, not only do people have to know the directory name, they have to know the access codes.

If you are doing this through something like a hospital, I would recommend removing any outside connection to this computer, so nothing can be done except from inside the LAN.

Hope this helps. There are probably more secure ways, too, so don't just run off and do exactly as I say. I'm sure you'll get some more replies.

Tracer

Unfortunately the server must be located on the internet. It accepts incoming SQL from several healthcare facilities nationwide and aggregates them into one single MySQL DB......