phpMyAdmin to prompt for user password and user name

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

know then I do not. check your permissions as I stated above I suggest. also check that you hve a mapping for php I suggest
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

Okay, this time I got it working...not displaying the file not found now. The problem is it's not taking the user name and password I provided. The popup window for user name and password does not accept what I put in.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

set the permissions as I suggested within the VD properties did you?
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

As far as Windows permission to read the sub folder phpMyAdmin, it's all there. However, can you explain about "mapping for php"? How do I do that or verify that I do have it correct?
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

first try what I suggested before you should:
need to change the directory permissions on the vd itself you might.

vd properties -> directory security tab -> uncheck Enable anonymous access -> check Integrated Windows authentication.
then check for mappings you should

vd properties -> virtual directory tab -> configuration -> mappings tab -> look for .php extension.
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

Okay, here's the confusion I got. The windows permission are only good for accessing the phpMyAdmin folder. How does phpMyAdmin or the index.php of phpMyAdmin know how to submit the user name and password I typed in the popup window to MySQL? There is a missing link here. There should be something in the index.php or config.inc.php of phpMyAdmin that will retain the user name and password I typed in the popup window and submit that to authenticate in MySQL to allow the proper setting once I logged in, right?
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

Mapping is correct and security/permission are all correct. But somehow it just not taking my user name and password. I'm not sure if Windows is not taking the password and user name or MySQL is not taking it.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

<yodaoff>
ok per your first post
I have setup my own IIS webserver with phpMyAdmin. How do set the config.inc.php so that when access the phpMyAdmin index page, the shows a logon for user name and password?
I therefore tried to help you create an authentication method so that someone who hits the site must log in...which we've done.

WHAT WE'VE DONE HAS NOTHING TO DO WITH MYSQL NOR PHPMYADMIN.

you need to set the MySQL log in credentials in your config.inc.php file.

make sense now?
</yodaoff>
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

I am starting to see it now. So what we've done so far is putting another layer of security to the phpMyAdmin folder only, correct? Once the user name and password I typed works, the index.php of phpMyAdmin will load and ask for user name and password to access the mysql, right? Okay, well, now that I understand that concept, window is not allowing me to access the index.php page of phpmyadmin.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

<yodaoffagain>

I didn't suggest you do that for an "additional" layer of security, I suggested it for the one and only layer. You need to set the log in credentials to your MySQL db in the config.inc.php. If you use root for the UN, you should be able to see all of the db's. You can also set credentials for specific users / dbs.

</yodaoffagain>
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

Okay, in the confi.inc.php file the line, $cfg['Servers'][$i]['auth_type'], I set it to cookie, and the error I got is below:

The configuration file now needs a secret passphrase (blowfish_secret).

Now if I set it to http, then I would get the popup window for user name and password that will never accept anything I put in.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

set it like this you should:

Code: Select all

$cfg['Servers'][$i]['auth_type']     = 'config';
$cfg['Servers'][$i]['user']          = 'root';
$cfg['Servers'][$i]['password']      = 'rootpass';
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

I figure out what the passphrase is now. It does work now. However, I could never get the VD to work. If I access the folder directly on the URL then it works perfectly this time. There is a text box for the user name and password. But as soon as I use VD, windows will not accept my password and user name. Not sure. why. I believe this is a window problem. The user I have setup in windows Computer Management\Local Users and Groups\Users to access the phpmyadmin folder has Read & Execute, List Folder Contents, and Read permssion. Still window will not let me see the index.php page of the phpmyadmin folder when using VD.
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

Any many thanks for your help. At least it is functional now.
Post Reply