Thursday, April 5, 2012

Securing the phpMyAdmin application from outside intrusion

When I renamed my WAMP root index.php file to windex.php and then tried to access phpMyAdmin from the windex.php page, I got an error message indicating I did not have permission to access the /phpmyadmin/ folder. There are always unintended side effects of changing things.

After a bit of googling, I discovered the file www\alias\phpmyadmin.conf, which is responsible for who can access this tool from where.

I experimented a bit and ended up with a statement in the file that looked like this:


Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Deny from all
Allow from localhost


Pay attention to the last two lines: combined with the Order Deny,Allow line above them, they mean the phpMyAdmin program cannot be accessed from anywhere EXCEPT localhost.

I verified that this was working as expected by:

1 - browsing to the server from outside and getting the permission denied message
2 - browsing to the server from localhost and being able to access the program
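
An added example (not from the original post, and not Apache's own code): a small Python model of how Apache 2.2 evaluates the Order, Deny and Allow directives, run against the block above and against the same block with the Order swapped. It assumes "localhost" means the loopback addresses (Apache itself resolves host names through DNS), and the client addresses are constructed.

```python
import ipaddress

# Assumption: "localhost" is modelled as the loopback ranges. Real Apache
# matches host names through a double reverse DNS lookup instead.
LOOPBACK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

def matches(spec, client):
    """True if one Allow/Deny 'from' argument (all, localhost, IP or CIDR) covers client."""
    if spec == "all":
        return True
    nets = LOOPBACK if spec == "localhost" else [ipaddress.ip_network(spec, strict=False)]
    return any(client in net for net in nets)

def parse(conf):
    """Extract Order, Allow and Deny from a config fragment; other lines are ignored."""
    order, allow, deny = "deny,allow", [], []   # Deny,Allow is the 2.2 default
    for line in conf.splitlines():
        words = line.split()
        if len(words) < 2:
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(w.lower() for w in words[2:])
    return order, allow, deny

def is_allowed(conf, client_ip):
    order, allow, deny = parse(conf)
    client = ipaddress.ip_address(client_ip)
    allowed = any(matches(s, client) for s in allow)
    denied = any(matches(s, client) for s in deny)
    if order == "deny,allow":   # Allow overrides Deny; no match at all -> allowed
        return allowed or not denied
    if order == "allow,deny":   # Deny overrides Allow; no match at all -> denied
        return allowed and not denied
    raise ValueError("unsupported Order: " + order)

# The directives from the post, and the same block with the Order swapped.
PAGE_CONF = """Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Deny from all
Allow from localhost"""
SWAPPED = PAGE_CONF.replace("Order Deny,Allow", "Order Allow,Deny")

if __name__ == "__main__":
    for ip in ("127.0.0.1", "::1", "203.0.113.10"):   # constructed client addresses
        print(ip, is_allowed(PAGE_CONF, ip), is_allowed(SWAPPED, ip))
```

With the Order swapped, Deny from all wins and even localhost is locked out. Leaving out Deny from all under Order Deny,Allow has the opposite effect: unmatched clients fall through to the default and are let in.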

Moral of the story?

Be aware of who can access this important tool, since it is a gateway into your DB. Use the phpmyadmin.conf to control who can access this program.

1 comment:

  1. These facts are really interesting. Few of them were well known for me but many of them were brand new for me too!
    I will print this one out and show to my friends because they will be definitely interested in that. Thanks!
    phpMyAdmin