In this case,
we should use the directory-protection mechanism offered by our web server (for
example, .htaccess, a file with a leading dot) to add a level of protection.
If we chose to use http or cookie authentication types, our data would be safe
enough, but we should take the normal precautions with our password (including its
periodic change).
Installing phpMyAdmin
The directory where phpMyAdmin is installed contains sensitive data. Not only the
configuration file but also ultimately all scripts stored there must be protected from
alteration. We should ensure that, apart from us, only the web server's effective user has
read access to the files contained in this directory, and that only we can write to them.
phpMyAdmin's scripts never have to modify anything inside this
directory, except when we use the Save export file to server feature,
which is explained in Chapter 7.
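
One way to check the permission policy described above is the following audit script. It is an added example, not part of phpMyAdmin or of the original text, and the function names audit_pma_dir and audit_pma_owner are hypothetical. It assumes the web server's effective user gets its read access through group ownership (for example files at mode 640 and directories at 750, owned by our account).

```shell
#!/bin/sh
# Added example: audit a phpMyAdmin directory against the policy in the text.
#   - only the owner may write to anything in the tree
#   - "other" users get no access; the web server reads through the group
# Assumption: owner = our account, group = the web server's group.

# Prints every file or directory whose mode is too permissive.
# Returns 0 if the tree is clean, 1 if offenders were found, 2 on bad input.
audit_pma_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # -perm -NNN matches when all bits in NNN are set:
    #   020 group write, 004 other read, 002 other write, 001 other execute
    # Symbolic links are skipped: their own mode bits are not meaningful.
    offenders=$(find "$dir" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print)

    if [ -n "$offenders" ]; then
        echo "$offenders"
        return 1
    fi
    return 0
}

# Prints entries not owned by the expected account (name or numeric uid).
audit_pma_owner() {
    find "$1" ! -user "$2" -print
}

# Stand-alone use: ./audit.sh /path/to/phpMyAdmin
if [ "$#" -gt 0 ]; then
    audit_pma_dir "$1"
fi
```

A config.inc.php left at mode 644 is reported by this check, because any local account could then read the stored credentials directly.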
Another possible attack is from other developers having an account on the same web
server as us. In this kind of attack, someone can try to open our config.inc.php
file. Since this file is readable by the web server, someone could try to include
our file from their PHP scripts. This is why it is recommended to use PHP's
open_basedir feature, possibly applying it to all directories from which such attacks
could originate.