PHPFixing

Wednesday, February 9, 2022

[FIXED] I'm able to log in on phpMyAdmin with root, even though it's restricted to localhost

mariadb, mysql, phpmyadmin

Issue

I'm able to log in on phpMyAdmin with a root user and other users, even though I have restricted login to localhost. How can I fix this problem and restrict access to only one specified user remotely? Every other user account shouldn't be accessible remotely, especially root.

phpMyAdmin user accounts


Solution

As @Matt Clark points out, the MySQL user privileges consider the connection between MySQL and the web server. In order to restrict users from connecting to phpMyAdmin, you'll have to either configure your web server to be more restrictive or use some of the protections included with phpMyAdmin.

Luuk mentioned that the AllowRoot directive can allow you to restrict root from connecting, but you might want to look at the allow/deny rules instead (or in addition): https://docs.phpmyadmin.net/en/latest/config.html#cfg_Servers_AllowDeny_rules. These go in your phpMyAdmin configuration file, config.inc.php, in the server-specific section. If you don't already have a config.inc.php file, you can create one in the same directory as the main phpMyAdmin installation, with this content, then put any additional directives at the end.

<?php
$i=0;
$i++;

If you'll always connect from the same IP address or range, something like this might be to your liking, adjusted of course for the proper username and addresses:

$cfg['Servers'][$i]['AllowDeny']['order'] = 'allow,deny';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array('allow jan from 192.168.74.[0-255]');

Or, to allow access from any IP address,

// 'all' is phpMyAdmin's predefined shortcut for every address (0.0.0.0/0)
$cfg['Servers'][$i]['AllowDeny']['order'] = 'allow,deny';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array('allow jan from all');

By the way, as two other common security measures, phpMyAdmin also has support for two-factor authentication and can log failed login attempts such that a tool like fail2ban can be used.



Answered By - Isaac Bennetch
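
A complete config.inc.php that combines the directives discussed in the answer, as an added example that is not part of the original answer. The user name jan and the 192.168.74.x range come from the answer; the host value, the blowfish_secret placeholder and the choice of syslog for AuthLog are assumptions to adjust for your setup.

```php
<?php
// Added example: only "jan" may log in through phpMyAdmin, and only from
// one address range. Values marked as placeholders must be replaced.

// Needed for cookie authentication. Placeholder: use your own random secret.
$cfg['blowfish_secret'] = 'REPLACE_WITH_YOUR_OWN_RANDOM_SECRET';

$i = 0;
$i++;

// Assumption: MySQL/MariaDB runs on the same machine as the web server.
// This is why a 'root'@'localhost' grant does not keep remote browsers out:
// the database only ever sees the connection coming from phpMyAdmin itself.
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['auth_type'] = 'cookie';

// Refuse root and password-less accounts at the phpMyAdmin layer,
// independently of the address rules below.
$cfg['Servers'][$i]['AllowRoot'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;

// With 'allow,deny' the allow rules are applied first, then the deny rules,
// and anything that matched no allow rule is denied. A deny rule that also
// matches jan (for example 'deny % from all') would override the allow rule,
// so the list contains only the single allow rule.
$cfg['Servers'][$i]['AllowDeny']['order'] = 'allow,deny';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
    'allow jan from 192.168.74.[0-255]',
);

// Send authentication failures to syslog so that a tool such as fail2ban
// can act on repeated failed logins.
$cfg['AuthLog'] = 'syslog';
```

After saving the file, confirm from an address outside the allowed range that both root and jan are refused, and from inside the range that only jan gets in.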