Secure phpMyAdmin in Linux
In the past session we learned how to install and configure phpMyAdmin. There are some security issues with it, so let's discuss them and their solutions.
Security:
phpMyAdmin has a serious security vulnerability that allows a user to exploit root on the underlying virtual private network. You can prevent these attacks by locking down the whole directory with a username and password. This will secure your phpMyAdmin.
Set up .htaccess file:
To set up the .htaccess file, you first have to edit apache.conf:
sudo nano /etc/phpmyadmin/apache.conf
You will find a Directory section. All you need to do is add "AllowOverride All" to it, so that it looks like this:
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride All
[. . .]
Configure .htaccess file:
With this file we can set up a native user to access phpMyAdmin.
First create the .htaccess file in the phpmyadmin directory:
sudo nano /usr/share/phpmyadmin/.htaccess
Now copy and paste the following text into it:
AuthType Basic
AuthName "Restricted File"
AuthUserFile /etc/apache2/.phpmyadmin.htpasswd
Require valid-user
Now restart apache.
sudo service apache2 restart
Create htpasswd file:
Now it's time to create a valid username and a password that you can remember.
sudo htpasswd -c /etc/apache2/.phpmyadmin.htpasswd username
A prompt will ask you to enter a password and confirm it. Once you are done, restart apache.
Now access phpMyAdmin; it will ask you for the username and password that you set up.
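A quick way to confirm the steps above took effect, as an added example that is not part of the original post: if "AllowOverride All" is missing from the Directory section, Apache ignores the .htaccess file and the directory stays open. The function names (override_enabled, directive_value, check_pma_lockdown) are hypothetical, and the sample files are constructed so the check runs offline.

```shell
#!/bin/sh
# Added example: audit the phpMyAdmin Basic-auth lockdown set up above.

# Succeeds only if <Directory /usr/share/phpmyadmin> permits auth overrides.
# If it does not, Apache ignores .htaccess and phpMyAdmin stays open.
override_enabled() {
    awk '
        { l = tolower($0) }
        l ~ /^[ \t]*<directory[ \t]+"?\/usr\/share\/phpmyadmin\/?"?>/ { in_dir = 1; next }
        l ~ /^[ \t]*<\/directory>/ { in_dir = 0 }
        in_dir && tolower($1) == "allowoverride" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == "all" || tolower($i) == "authconfig") ok = 1
        }
        END { exit !ok }
    ' "$1"
}

# Prints the first value of directive $2 in file $1, with quotes stripped.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; gsub(/^[ \t]+|"/, ""); print; exit }' "$1"
}

check_pma_lockdown() {   # $1 = apache.conf, $2 = .htaccess
    rc=0
    override_enabled "$1" || { echo "FAIL: AllowOverride not enabled, .htaccess is ignored"; rc=1; }
    [ "$(directive_value "$2" AuthType | tr 'A-Z' 'a-z')" = "basic" ] || { echo "FAIL: AuthType Basic missing"; rc=1; }
    [ "$(directive_value "$2" Require | tr 'A-Z' 'a-z')" = "valid-user" ] || { echo "FAIL: Require valid-user missing"; rc=1; }
    pw=$(directive_value "$2" AuthUserFile)
    [ -s "$pw" ] || { echo "FAIL: password file missing or empty: $pw"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: phpMyAdmin directory requires a login"
    return "$rc"
}

# Constructed sample files; on a server, pass /etc/phpmyadmin/apache.conf
# and /usr/share/phpmyadmin/.htaccess instead.
tmp=$(mktemp -d)
printf '%s\n' '<Directory /usr/share/phpmyadmin>' 'Options FollowSymLinks' \
    'DirectoryIndex index.php' 'AllowOverride All' '</Directory>' > "$tmp/good.conf"
grep -v AllowOverride "$tmp/good.conf" > "$tmp/bad.conf"
echo 'username:CONSTRUCTED-PLACEHOLDER-HASH' > "$tmp/htpasswd"
printf '%s\n' 'AuthType Basic' 'AuthName "Restricted File"' \
    "AuthUserFile $tmp/htpasswd" 'Require valid-user' > "$tmp/.htaccess"

check_pma_lockdown "$tmp/good.conf" "$tmp/.htaccess" || true
check_pma_lockdown "$tmp/bad.conf"  "$tmp/.htaccess" || true
```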