PhpMyAdmin password config problem 1

[btween]

I am trying to password protect a PhpMyAdmin, and I followed some forum instructions that said do the following:

...
$cfg['PmaAbsoluteUri'] = '

http://your/path/to/pma/';

...
$cfg['blowfish_secret'] = 'some secret';
...
$cfg['Servers'][$i]['auth_type'] = 'cookie';

once I did this I get the welcome to php login box but I don't know what username and password to enter.

in the config.inc.php file in any fields that I try putting in a username and a password it does not work.

I get the error:



#1045 - Access denied for user: 'testuserforexample@localhost' (Using password: YES)

Where do I assign the sername and password?

 

[Kozusnik]

btween,
Sorry, I made some assumptions. You probably will not be able to use root if this is hosted remotely. Did they give you a user/pass to use?

Try this...

$ mysql -uroot -p

It will ask for a password. If the password is blank, then hit enter at the prompt and you should get the mysql> prompt. It appears as if you have no root pw right now. When you're at the mysql prompt, type this...

UPDATE mysql.user SET PASSWORD = 'testpas' WHERE User = 'root';

The "PASSWORD('')" may not be used.

Hopefully this will fix things.

As for the
"$ htpasswd -cf /etc/httpd/conf/mypassfile username password"
line. It's for creating hidden 'config' files in folders on apache web servers to be used in conjunction with password files(/etc/httpd/conf/mypassfile) for allowing/blocking access to that folder. Granted, it's not the best solution for most projects, it's a very good solution for blocking access for phpMyAdmin.

Mark

 

[jpadie]

Mark

how would you counsel use of htaccess if the user does not have terminal access?

apart from cpanel the only work around i have come cross is to use the rather clunky phpterm (phpterm.sourceforge.net. i'd be interested if there are other workarounds.

thanks

 

[btween]

Thanks Mark, I ended up using the adinistrative tool's protection mechanism, not my ideal solution but it works.

I found your posting regarding changing the mysql default password useful, as I now know how to change the password in my connections file.

I typically work with ASP, in which I can do everything via ftp, as opposed to using a terminal.

 

[Kozusnik]

jpadie,
Without terminal access, I guess you could use ftp. You could build the two files locally, then upload them to the directories. The only issues I see would be 1. Can you write the password file outside of the web accessible folders for security, and 2. Is apache set up to use .htaccess as a security method.

I've had to do some funky things dealing with the environment I work from. For example... I modify a file from home, then I log in remotely into a Citrix Win2000 environment. I can't run ftp from there, so I ssh to my linux boxes, create an smb mount to a windows share and pass my files through that way. What a pain in the...well you know.

Mark

 

[jpadie]

thanks Mark.

for myself in some of my hosted environments i don't have access to folders outside the root (or at least not write access) apart from the temp folder which would not be a great idea. also i don't use linux for development so i have no environment in which to create the htpassword files (i bet if i dig hard enough there is a win32 app to do this...) -

so what i end up doing is (i) creating a false root with appropriate deby from all directives and making all domain names point one level lower; (ii) using system() to run the htpassword creation commands.

however from time to time i need better shell access than this and so use phpterm. it's clunky and only one stage better than system(), but it saves me "shelling" out for shell access on my lower cost hosts.