diff options
author | Madhura Jayaratne <madhura.cj@gmail.com> | 2015-07-22 13:04:57 +0300 |
---|---|---|
committer | Madhura Jayaratne <madhura.cj@gmail.com> | 2015-07-22 13:04:57 +0300 |
commit | 1c39ce5ccf890807e0287091b4a9db0e16c1fbe5 (patch) | |
tree | 73b6da5fbce5996f180861fb7c2c495631838e75 /doc/setup.rst | |
parent | 81f5c747c256d01025be0034cab5a949369008ab (diff) | |
parent | 27c5a92f97e96e2cc74c98f7b9d10d5553d8bc05 (diff) |
Merge branch 'master' of github.com:phpmyadmin/phpmyadmin
Diffstat (limited to 'doc/setup.rst')
-rw-r--r-- | doc/setup.rst | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/doc/setup.rst b/doc/setup.rst index 3f96746c0d..172a41fd76 100644 --- a/doc/setup.rst +++ b/doc/setup.rst @@ -625,7 +625,23 @@ are always ways to make your installation more secure: phpMyAdmin, you can use :config:option:`$cfg['Servers'][$i]['AllowDeny']['rules']` to limit them. * Consider hiding phpMyAdmin behind an authentication proxy, so that users need to authenticate prior to providing MySQL credentials - to phpMyAdmin. + to phpMyAdmin. You can achieve this by confiuring your web server to request + HTTP authentication. For exaple in Apache this can be done by: + + .. code-block:: apache + + AuthType Basic + AuthName "Restricted Access" + AuthUserFile /usr/share/phpmyadmin/passwd + Require valid-user + + Once you have changed configuration, you need to create list of users which + can authenticate. This can be done using :program:`htpasswd` utility: + + .. code-block:: sh + + htpasswd -c /usr/share/phpmyadmin/passwd username + * If you are afraid of automated attacks, enabling Captcha by :config:option:`$cfg['CaptchaLoginPublicKey']` and :config:option:`$cfg['CaptchaLoginPrivateKey']` might be an option. |