![]() You can do this using robots.txt file in the root of your webserver or limit access by web server configuration, see 1.42 How can I prevent robots from accessing phpMyAdmin?. It is generally a good idea to protect a public phpMyAdmin installation against access by robots as they usually can not do anything good there.Deny access to temporary files, see $cfg (if that is placed inside your web root, see also Web server upload/save/import directories.For the Apache webserver, this is often accomplished with a. Such configuration prevents from possible path exposure and cross side scripting vulnerabilities that might happen to be found in that code. templates/ subfolders in your webserver configuration. Properly choose an authentication method – Cookie authentication mode is probably the best choice for shared hosting.Remove the setup directory from phpMyAdmin, you will probably not use it after the initial setup.Remove the test directory from phpMyAdmin, unless you are developing and need a test suite.Ensure your PHP setup follows recommendations for production sites, for example display_errors should be disabled.Preferably, you should use HSTS as well, so that you’re protected from protocol downgrade attacks. Follow our Security announcements and upgrade phpMyAdmin whenever new vulnerability is published.The phpMyAdmin team tries hard to make the application secure, however there are always ways to make your installation more secure: htaccess file with the HTTP-AUTH directive or disallowing incoming HTTP requests at one’s router or firewall will suffice (both of which are beyond the scope of this manual but easily searchable with Google). Use of some restriction method is suggested, perhaps a. ![]() This is by design but could allow any user to access your installation.
0 Comments
Leave a Reply. |