0

Our company has recently taken over a website job. The site is riddled with security holes that I'm painstakingly patching.

One of the issues is that the previous developer set up phpMyAdmin but did not require a password to access it. I have access to the folder where phpMyAdmin is installed through FTP, but do not have access to the database via the control panel from the host. How can I make sure that the same password used to access the database through a script is also the password used to access the database through phpMyAdmin. Is this usually done through htaccess or is there another method?

TLDR: phpMyAdmin installed locally but no password is required to get to it. How do I get the folder password protected?

kylex
  • 1,371
  • 5
  • 13
  • 18

1 Answers1

3

config.inc.php is the configuration file for phpMyAdmin. You are likely using config based authentication.

You can change this to cookie based authentication, which will allow you to authentication against the usernames and passwords stored in your MySQL database. Specify this under the auth_type setting.

You also must specify blowfish_secret, which is used by cookie based authentication to encrypt the password in the cookie. Put it near the top of the configuration before the servers start getting specified.

$cfg['blowfish_secret'] = 'anythingShorterThan42(?)characters';
Warner
  • 23,440
  • 2
  • 57
  • 69
  • okay, that seems to be leading me down the right path, but now I get the following error when I access the site: The configuration file now needs a secret passphrase. – kylex Jul 26 '10 at 15:08