Remove the test directory from phpMyAdmin, unless you are developing and need a test suite.Ensure your PHP setup follows recommendations for production sites, for example display_errors should be disabled.Preferably, you should use HSTS as well, so that you’re protected from protocol downgrade attacks. Follow our Security announcements and upgrade phpMyAdmin whenever new vulnerability is published.The phpMyAdmin team tries hard to make the application secure, however there are always ways to make your installation more secure: ![]() htaccess file with the HTTP-AUTH directive or disallowing incoming HTTP requests at one’s router or firewall will suffice (both of which are beyond the scope of this manual but easily searchable with Google). Use of some restriction method is suggested, perhaps a. This is by design but could allow any user to access your installation. Unlike cookie and http, does not require a user to log in when first loading the phpMyAdmin site.For additional security in this mode, you may wish to consider the Host authentication $cfg and $cfg configuration directives.In the ISPs, multi-user installations section, there is an entry explaining how to protect your configuration file. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |