org/wiki/
Regular_expression) representing what to exclude. If we do not want users to see
all databases whose names begin with secret we would use:
$cfg['Servers'][$i]['hide_db'] = '^secret';
These parameters apply to all users for this server-specific configuration.
Chapter 2
[ 41 ]
These mechanisms do not replace the MySQL privilege system. Users'
rights on other databases still apply, but they cannot use phpMyAdmin's
left panel to navigate to their other databases or tables.
Protecting In-Transit Data
HTTP is not inherently immune to network sniffing (grabbing sensitive data off the
wire), so if we want to protect not only our username and password but all the data
that travels between our web server and browser, we have to use HTTPS.
To do so, assuming that our web server supports HTTPS, we just have to start
phpMyAdmin by putting https instead of http in the URL as follows:
https://www.mydomain.com/phpMyAdmin
If we are using PmaAbsoluteUri auto-detection:
$cfg['PmaAbsoluteUri'] = '';
phpMyAdmin will see that we are using HTTPS in the URL and react accordingly. If
not, we must put the https part in this parameter as follows:
$cfg['PmaAbsoluteUri'] = 'https://www.mydomain.com/phpMyAdmin';
Also, since phpMyAdmin 2.7.0, we can automatically switch users to an HTTPS
connection with this setting:
$cfg['ForceSSL'] = TRUE;
Upgrading phpMyAdmin
Normally, upgrading is just a matter of installing the newer version into a separate
directory and copying the previous version's config.
Pages:
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68