Page 1 of 1
phpMyAdmin for phpwcms
Posted: Tue 4. Apr 2006, 13:02
by macangelo
Hi,
where do I find the right phpMyAdmin to use with phpwcms (inside the include/inc_ext-folder)?
Thanks a lot
macangelo
Find it at http://www.phpmyadmin.net/
Posted: Tue 4. Apr 2006, 16:08
by Narcanti
There is no "right" phpmyadmin to use - it works indepently from phpwcms.
You should always use the latest version to avoid security leaks.
Latest stable is 2.8.0.2
http://www.phpmyadmin.net/home_page/downloads.php
Posted: Wed 5. Apr 2006, 07:54
by Pappnase
hello
but don't forget to secure the folder with an htaccess file!
Why?
Posted: Thu 6. Apr 2006, 07:25
by Narcanti
Posted: Fri 7. Apr 2006, 04:37
by Pappnase
hello
if you only uplaod php my admin into the ext folder it's unsecure! cos andody can find this dir and can work at your db!
Posted: Fri 7. Apr 2006, 05:48
by DeXXus
Especially if "default" folder name ( like... /phpMyAdmin-2.8.0.2 ) is used. An alternative to protecting with .htpasswd/.htaccess scheme is use a "unique" name for the install folder.
Posted: Fri 7. Apr 2006, 06:21
by Pappnase
DeXXus wrote:Especially if "default" folder name ( like... /phpMyAdmin-2.8.0.2 ) is used. An alternative to protecting with .htpasswd/.htaccess scheme is use a "unique" name for the install folder.
hello dex
thanks for your better explanaition
Posted: Fri 7. Apr 2006, 11:26
by DeXXus
$ANSWER = (PROBLEM) divided by (Pappnase + DeXXus)
Authentication
Posted: Fri 7. Apr 2006, 20:17
by Narcanti
Oh... I always set an authentication mode inside phpmyadmin.
So you will need the username and the password to use it...
That's why I thought there's no need to protect the directory....
Posted: Fri 7. Apr 2006, 21:29
by DeXXus
http://www.phpmyadmin.net/documentation/
Quick Install
1. Untar or unzip the distribution (be sure to unzip the subdirectories): tar -xzvf phpMyAdmin_x.x.x.tar.gz in your webserver's document root. If you don't have direct access to your document root, put the files in a directory on your local machine, and, after step 3, transfer the directory on your web server using, for example, ftp.
2.
Ensure that all the scripts have the appropriate owner (if PHP is running in safe mode, having some scripts with an owner different from the owner of other scripts will be a problem). See FAQ 4.2 and FAQ 1.26 for suggestions.
3. Create the file config.inc.php in the main (top-level) directory (the one that contains index.php). You can use setup script provided in distribution (scripts/setup.php) to create basics of config file. See Setup chapter for details. If you don't like setup or want to fine tune resulting configuration, open (or create in case of starting from scratch) config.inc.php in your favorite editor and fill in there values for host, user, password and authentication mode to fit your environment. Look at libraries/config.default.php how these fields should be defined. Here, "host" means the MySQL server. Have a look at Configuration section for an explanation of all values.
Please also read the remaining of this Installation section for information about authentication modes and the linked-tables infrastructure.
4.
If you are using the auth_type configuration directive, it is suggested that you protect the phpMyAdmin installation directory, for example with HTTP–AUTH in a .htaccess file. See the multi–user sub–section of this FAQ for additional information, especially FAQ 4.4.
5. Open the file <www.your-host.com>/<your-install-dir>/index.php in your browser. phpMyAdmin should now display a welcome screen and your databases, or a login dialog if using HTTP or cookie authentication mode.
6.
You should deny access to the ./libraries subfolder in your webserver configuration. For Apache you can use supplied .htaccess file in that folder, for other webservers, you should configure this yourself. Such configuration prevents from possible path exposure and cross side scripting vulnerabilities that might happen to be found in that code.
