phpMyAdmin

Discussion in 'OT Technology' started by zanyspy_dude, Dec 22, 2005.

  1. zanyspy_dude

    zanyspy_dude King of teh n00bz

    Joined:
    Aug 29, 2002
    Messages:
    4,473
    Likes Received:
    0
    Location:
    Indianapolis, IN
    i got everything setup and working ok, problem is that anyone can access phpmyadmin on my server :( (running from home, apache, mysql and php)

    I set a root password, why can people log onto myPHPadmin? or did my friend just THINK she could get on?

    [email protected] with PHPADMIN in subject and i'll send you the link if you'd like to try to delete my databases :(
     
    Last edited: Dec 22, 2005
  2. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Joined:
    Nov 13, 2001
    Messages:
    11,865
    Likes Received:
    0
    Location:
    BC, Canada/Stockholm, Sweden
    setup an .htaccess and .htpasswd file and restrict the directory.
     
  3. kingtoad

    kingtoad OT Supporter

    Joined:
    Sep 2, 2003
    Messages:
    55,914
    Likes Received:
    8
    Location:
    Los Angeles
    CyberBullets is correct
     
  4. zanyspy_dude

    zanyspy_dude King of teh n00bz

    Joined:
    Aug 29, 2002
    Messages:
    4,473
    Likes Received:
    0
    Location:
    Indianapolis, IN
    .htaccess says this :

    AuthUserFile /phpmyadmin
    AuthGroupFile /dev/null
    AuthName PHPMyAdmin
    AuthType Basic
    require valid-user


    .htpasswd says this:
    username:password

    =======================

    when i enter in username, password on that directory, it won't let me in :(

    what did i fuck up? i've tried using a tool to encript the password and letting it be un encripted, what did i do!?
     
  5. Penguin Man

    Penguin Man Protect Your Digital Liberties

    Joined:
    Apr 27, 2002
    Messages:
    21,696
    Likes Received:
    0
    Location:
    Edmonton, AB
    You need to use the htpasswd command to encrypt the password.
     
  6. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Joined:
    Nov 13, 2001
    Messages:
    11,865
    Likes Received:
    0
    Location:
    BC, Canada/Stockholm, Sweden
    yeah.

    Code:
    # htpasswd -c .htpasswd username
    Password: ******
    Re-Type Password: ******
    
    it will look like that (note, password, re-type password are prompts)
     
  7. zanyspy_dude

    zanyspy_dude King of teh n00bz

    Joined:
    Aug 29, 2002
    Messages:
    4,473
    Likes Received:
    0
    Location:
    Indianapolis, IN
    but if i leave it normal ie user:pass shouldn't that work? I just feel ike the password is in the wrong directory maybe? Does it go in the same dir as the .htaccess, or do they all go some place else?
     
  8. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Joined:
    Nov 13, 2001
    Messages:
    11,865
    Likes Received:
    0
    Location:
    BC, Canada/Stockholm, Sweden
    .htaccess goes into the directory
    /www/htdocs/phpMyAdmin/.htaccess

    .htpasswd goes into a dir that isnt online.
    /www/pwd/.htpasswd

    that is where i usually put mine, but my .htpasswd is always encrypted.
     
  9. zanyspy_dude

    zanyspy_dude King of teh n00bz

    Joined:
    Aug 29, 2002
    Messages:
    4,473
    Likes Received:
    0
    Location:
    Indianapolis, IN
    how do i specify where i want apache to look for the .htpasswd files then?

    sorry for the noob ness, and thank you for your help.

    Is there really a super need to encrypt the .htpasswd if
    <FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    </FilesMatch>
     
  10. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Joined:
    Nov 13, 2001
    Messages:
    11,865
    Likes Received:
    0
    Location:
    BC, Canada/Stockholm, Sweden
    yes cause what happens if i get onto the box and am able to look at a plain text file.

    you specify the location of the .htpasswd in the .htaccess like this:
    Code:
    AuthType Basic
    AuthName "Password Required"
    AuthUserFile /www/pwd/password.file
    Require valid-user
    
    http://httpd.apache.org/docs/2.0/howto/htaccess.html
    http://httpd.apache.org/docs/2.0/howto/auth.html
     
  11. zanyspy_dude

    zanyspy_dude King of teh n00bz

    Joined:
    Aug 29, 2002
    Messages:
    4,473
    Likes Received:
    0
    Location:
    Indianapolis, IN
    thank you, i got it working perfectly now. I wasn't using the console correctly :doh: always tripple check where you're saving the file...
     

Share This Page