Our company has recently taken over a website job. The site is riddled with security holes that I'm painstakingly patching.
One of the issues is that the previous developer set up phpMyAdmin but did not require a password to access it. I have access to the folder where phpMyAdmin is installed through FTP, but do not have access to the database via the control panel from the host. How can I make sure that the same password used to access the database through a script is also the password used to access the database through phpMyAdmin. Is this usually done through htaccess or is there another method?
TLDR: phpMyAdmin installed locally but no password is required to get to it. How do I get the folder password protected?
config.inc.php
is the configuration file for phpMyAdmin. You are likely usingconfig
based authentication.You can change this to
cookie
based authentication, which will allow you to authentication against the usernames and passwords stored in your MySQL database. Specify this under theauth_type
setting.You also must specify
blowfish_secret
, which is used by cookie based authentication to encrypt the password in the cookie. Put it near the top of the configuration before the servers start getting specified.