I have setup phpMyAdmin at the root of my website. How do I stop someone from just putting in http://www.mysite.com/phpMyAdmin/index.php and accessing by database.
Do I just change the directory to something obscure or can I password protect phpMyAdmin
check the apache doc and look up the .htaccess file syntax. or search on google for .htaccess i think there r lots of tutorials on directory protection. hth
that is providing your not running a crappy winblows server it will work.
There is options within the phpMyAdmin config file to security ... such as setting the auth type that will only allow valid MySQL users to login .. and depending on the users database permissions, only show those database they have access to.
thanks setting auth_type to cookie
$cfg['Servers'][$i]['auth_type'] = 'cookie'; // Authentication method (config, http or cookie based)?
and then setting
$cfg['blowfish_secret'] = 'xxxxxx';
does the trick
