I had some gaming scripts installed on my site and the makers of the scripts did it for me for free. When they was doen they emailed me and said this as a side notte:

WARNING
Your PhpMyAdmin is not password protected; it can be accessed by anyone.
You should password protect this directory ASAP to avoid misuse.
Contact your web hosting provider if you need help password protecting
this directory.

Of course I called tech support and they would not help me. They said as long as permissions where set at 755 I was fine. Man this tech support guy was not very nice either. Guess they don't like new guys around here. :(

Can someone tell me what I need to do if in fact I need to do this? Thank you

Yes you do need to apply password protection, the permissions set to 755 will allow anyone to access your PHPMyadmin unless you use the password protection.

You can go here (http://help.powweb.com/tutorials/htaccess/passprotect.php) to find out how to apply password protection.

Hope this helps!! :)

few questions:

when making the .htaccess fie it says in tutorial to upload to htdocs. Then in the step iii. it says to not upload it to htdocs and to upload it to the folder I want ot protect. So do I put it in htdoc or in phpMyAdmin?

Second it says to put this info in:
u = First Letter of your username
username = OPS Username
test = You can write anything here...This will display on the authentication box. e.g. XYX's Members Area

username for which area? My FTP log in?

Third the tutorial for creating .htpasswd is the same for .htaccess so I follow same steps but I name it .htpasswd instead correct?

And last it says:

"Upload .htpasswd above the htdocs folder (that is where there is the htdocs, cgi-bin etc..), in ASCII mode"

what do they mean above? Just upload it to the same are where htdocs, cgi-bin is? So I will have htdocs, cgi-bin, .htaccess and .htpasswd, correct?

Thank you for your help.

>>>when making the .htaccess fie it says in tutorial to upload to htdocs. Then in the step iii. it says to not upload it to htdocs and to upload it to the folder I want ot protect. So do I put it in htdoc or in phpMyAdmin?

You should put the .htaccess file in the phpmyadmin folder.

>>>Second it says to put this info in:
u = First Letter of your username
username = OPS Username
test = You can write anything here...This will display on the authentication box. e.g. XYX's Members Area
username for which area? My FTP log in?

To find your "username" login to OPS click on your package then click "HTTP (Website)" then you will see a path:

Example: /www/b/bob123/htdocs/

"bob123" would be your username.


>>>Third the tutorial for creating .htpasswd is the same for .htaccess so I follow same steps but I name it .htpasswd instead correct?

Yes, the procedure is exactly the same for creating a .htpasswd file except you put different code in the .htpasswd file (your username and encrypted pass).



>>>"Upload .htpasswd above the htdocs folder (that is where there is the htdocs, cgi-bin etc..), in ASCII mode"

what do they mean above? Just upload it to the same are where htdocs, cgi-bin is? So I will have htdocs, cgi-bin, .htaccess and .htpasswd, correct?

You won't have the .htaccess file (as it should be in the phpmyadmin directory) but yes, just put the .htpasswd in the same directory where you see the directory listing that says htdocs,ect and cgi-bin. In the .htaccess file (in the phpmyadmin directory) your authuserfile path will be /www/y/yourusername/.htpasswd.


Hope this helps!!

thank you

Originally posted by Chad711

Of course I called tech support and they would not help me. They said as long as permissions where set at 755 I was fine. Man this tech support guy was not very nice either. Guess they don't like new guys around here. :(

Can someone tell me what I need to do if in fact I need to do this? Thank you [/B]

You're right about their tech support, they are not very bright.

Another thing you can do, is rename your config.inc.php3. What this will do is not allow access to the database since this file cant be found. When you want to use phpMyAdmin, just set the name back.

Also, you may want to consider changing the folder name from phpMyAdmin to something else.

Glad to be of help :)! BTW, it is a good suggestion about changing the folder name (as Bob Hoe mentioned).

Chad711,
Here's another option. MySQL-Front
http://mysqlfront.sstienemann.de/

mySQL-Front help forum.
http://mysqlfront.venturemedia.de/index.php

Runs on your local machine, not the server.

1. Eliminates security risk.
2. Uses none of your webspace
3. myphpadmin is just another script that can go south if permissions somehow get changed.
4. Can have more than one DB open at a time.
5. Will do anything myphpadmin will.

Alphadesk,

Is there a mac version or a version for the mac that resembles MySQL-Front?

MySQL-Front
http://mysqlfront.sstienemann.de/

Kris

I just followed the original steps to make it password protected. That was pretty cool. I could use that for other stuff in the future.