phpMyAdmin config.inc.php permissions

msavvy

I've successfully installed PHP5, MySQL, and phpMyAdmin on a Linux host...

However, I'm concerned about the security of my config.inc.php file. Ideally, I'd like to chmod 600 this file since it contains a db password in plain text. The problem is that it will only work if the file is 644.

Currently, my Apache web server is running as user "apache" and group "apache", and phpMyAdmin is running as user "52400" and group "24067".

As far as I know, changing the user/group will not make a difference to the security since the config file will still be readable by others.

Any idea how to make this a little more secure?

tsinka

Hi,

one way:

chown the phpMyAdmin directory to apache.apache and the chmod it to 600. If the apache user/group is the owner the web server should still be able to serve phpMyAdmin even with 600.

Another solution would be to create a MySQL user that has hardly any privleges on the database. Then switch the authentication method in the config file to http. Doing so you'll get an http authentication dialog each time you want to use phpMyAdmin. There you can use the login data of a more privileged user.

Thomas