Shulou(Shulou.com)06/01 Report--

This article is to share with you about the solutions to the insecurity of the phpmyadmin directory. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Solutions to phpmyadmin directory insecurity: 1, modify phpMyAdmin directory name; 2, add user authentication to phpMyAdmin directory; 3, add host-based access control

Solutions to phpmyadmin directory insecurity:

1. Modify the name of phpMyAdmin directory:

Before changing the directory name, it is easy for others to gain insight into the directory name, causing security risks. For example, if the domain name of a Linux host is: Client Validation, then typing: Client Validation in the address bar will enter the phpMyAdmin hypervisor without changing the directory name. So if you rename the phpMyAdmin directory to a directory that is not easy for others to know, such as mynameadmin, when you are managing your own database, just type: Client Validation and you can manage the database through your browser. (note: the phpMyAdmin directory name will still be used below. If the directory name has been changed, just rename phpMyAdmin to the new directory name. )

Add user authentication to the phpMyAdmin directory:

This is a common method for many websites that require user authentication, so that when users browse to the directory for the first time, they will be prompted to enter a user name and password for authentication, which is achieved by using Apache Server's standard mod_auth module. The specific operation methods are as follows:

1. VI edits the Apache Server configuration file to make sure that there are no comments in the following two sentences. If there is a "#" sign before these two sentences, remove the "#" sign.

DocumentRoot / data/web/apache/public/htdocs AccessFileName. Htaccess AllOerride All

2. Passwd program creates user files:

Htpasswd-c / data/web/apache/secrects/.htpasswd 88998

Among them,-c indicates the option to tell htpasswd that you want to generate a new user file, / data/web/apache/secrects/ is the directory where you want to store the .htpasswd file, the file name is .htpasswd, and 88998 is the user name used when verifying. After typing the above command, the system prompts you to enter the password, which is the password used when verifying, and the password is encrypted in the .htpasswd file. Now look at the / data/web/apache/secrects/.htpasswd file with more, and you can see that there is a line of user name and a string of encrypted passwords.

3. Create a .htaccess file:

Using a text editor, create an .htaccess file under directory phpMyAdmin (or new directory name if you have renamed it), and add the following statement to the file:

AuthName user Authentication AuthType Basic AuthUserFile / data/web/apache/public/htdocs/phpMyAdmin/.htpasswdrequire user 88998

After saving the operation, look at the phpMyAdmin directory, you will be prompted to verify the window, enter the user name and password you just created with the htpasswd command, you can enter the directory.

Third, add host-based access control:

After modifying the directory name and adding the access authentication mechanism, it should be said that the current phpMyAdmin is already very secure, but since the phpMyAdmin directory is generally only used by database administrators, in order to prevent others from knowing the directory name and authentication password, you can also add the following host-based access control. Host-based access is achieved by verifying the user's machine IP, that is, only qualified IP can question the directory. Otherwise, access is denied.

Modify the .htaccess file as follows:

AuthName "user Authentication" AuthType Basic AuthUserFile / data/web/apache/public/htdocs/phpMyAdmin/.htpasswdrequire user 88998order deny,allow deny from all allow from 202.100.222.80

Three host-based access control instructions are added, the value of the first order instruction is a list separated by a comma, which indicates which instruction has higher priority, the second instruction deny defines the host that cannot access the directory, and the third instruction allow defines the host that can access the directory, so that the directory can be accessed by a machine with an IP address of 202.100.222.80 Nothing else can be accessed, and the reader can refer to this address as the user database administrator IP.

Summary: through the combination of the above three points, we can ensure the security of the phpMyAdmin directory, and it will be difficult for non-database administrators to read data through phpMyAdmin programs. What we are talking about here is about the phpMyAdmin directory, and other directories can also be operated in this way if access restrictions are required.

Thank you for reading! This is the end of this article on "unsafe solutions to the phpmyadmin directory". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it out for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.