diff options
| author | Michal Čihař <michal@cihar.com> | 2015-07-22 11:42:32 +0300 |
|---|---|---|
| committer | Michal Čihař <michal@cihar.com> | 2015-07-22 11:42:32 +0300 |
| commit | 27c5a92f97e96e2cc74c98f7b9d10d5553d8bc05 (patch) | |
| tree | 0caf076e094642996ebf5bf17a958c8ca5151b33 | |
| parent | ef70037f2bce6d9e1793a2508a1c5e20b8a969ed (diff) | |
Document how to configure Apache to request HTTP auth for phpMyAdmin
Signed-off-by: Michal Čihař <michal@cihar.com>
| -rw-r--r-- | doc/setup.rst | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/doc/setup.rst b/doc/setup.rst index 3f96746c0d..172a41fd76 100644 --- a/doc/setup.rst +++ b/doc/setup.rst @@ -625,7 +625,23 @@ are always ways to make your installation more secure: phpMyAdmin, you can use :config:option:`$cfg['Servers'][$i]['AllowDeny']['rules']` to limit them. * Consider hiding phpMyAdmin behind an authentication proxy, so that users need to authenticate prior to providing MySQL credentials - to phpMyAdmin. + to phpMyAdmin. You can achieve this by confiuring your web server to request + HTTP authentication. For exaple in Apache this can be done by: + + .. code-block:: apache + + AuthType Basic + AuthName "Restricted Access" + AuthUserFile /usr/share/phpmyadmin/passwd + Require valid-user + + Once you have changed configuration, you need to create list of users which + can authenticate. This can be done using :program:`htpasswd` utility: + + .. code-block:: sh + + htpasswd -c /usr/share/phpmyadmin/passwd username + * If you are afraid of automated attacks, enabling Captcha by :config:option:`$cfg['CaptchaLoginPublicKey']` and :config:option:`$cfg['CaptchaLoginPrivateKey']` might be an option. |