Security | Program Linux under the development of Web programs, now very popular development methods: using PHP to develop Web programs, using Apache Web Server,mysql as a background management database. This combination makes the development of Web programs simple, secure, and efficient. Because the program is running under Linux, although the copyright fee is removed, the management of the database is less than the graphical interface management tools under Windows, so it is a little difficult to use. Now have a set of PHP developers to write the management of Linux database under the program, phpMyAdmin can be very good to solve the use of usability problems.
phpMyAdmin to manage the database under Linux is effective, users can create a new delete database through a Web browser, add, delete, modify table structure and table data, but also through the form to submit query statements, return data results. As a result, many Linux servers now use phpMyAdmin to manage databases.
phpMyAdmin is a set of server-side programs that are managed through the browser interface, so it is important to ensure that the directory is secure, otherwise it will lead to data theft and even malicious destruction. The general precautions are described below.
First, modify the phpMyAdmin directory name:
Without modifying the directory name, it is easy for others to gain insight into the directory name, creating a security risk. For example, if a Linux host domain name is: www.test.com, then do not modify the directory name, in the address bar input: www.test.com/phpMyAdmin/will enter the phpMyAdmin management program. So if you rename the phpMyAdmin directory to a directory that is not easily known to others, such as mynameadmin, you can manage your database by typing: www.test.com/mynameadmin/When you are managing your database. (Note: The phpMyAdmin directory name will still be used below, and if the directory name is changed, simply rename the phpMyAdmin to the new directory name.) )
Second, the phpMyAdmin directory plus user authentication:
This is a lot of Web sites need users to verify the commonly used methods, so that when the user first browse into the directory, will appear a prompt window, prompts the user to enter the user name and password authentication, it is through the use of Apache server Standard Mod_auth module to achieve, the specific methods of operation are as follows:
1, vi edit Apache server configuration file, to ensure that the following two words in the file without comment, if the two words before the "#" symbol, remove the "#" number.
Documentroot/data/web/apache/public/htdocs
Accessfilename. Htaccess
Alloerride All
2, passwd program to create user files:
Htpasswd-c/data/web/apache/secrects/.htpasswd 88998
Where the-C indicates the option to tell HTPASSWD that you want to generate a new user file,/data/web/apache/secrects/is the directory where you want to store the. htpasswd file, which is called. htpasswd,88998 is the user name to use when validating , knock as above command, the system prompts you to enter the password, this password is the authentication need to use the password, the password in the. htpasswd file is encrypted. Now with more to view the/data/web/apache/secrects/.htpasswd file, you can see that there is a line of user names and a string of encrypted passwords.
3, create the. htaccess file:
Using a text editor, create the. htaccess file in the directory phpMyAdmin (if it is renamed, the new directory name), and add the following statement to the file:
AuthName "User Authentication"
AuthType Basic
authuserfile/data/web/apache/public/htdocs/phpmyadmin/.htpasswd
Require user 88998
After you save the operation, look at the phpMyAdmin directory, you will be prompted to verify the window, enter the user name and password just created with the htpasswd command to enter the directory.
third, increase host-based access control:
After modifying the directory name and increasing the access verification mechanism, it should be said that the current phpmyadmin is already very safe, but because the phpMyAdmin directory is generally only database administrators, to prevent others know the directory name and authentication password, you can also increase the following host-based access control, Host-based access is achieved by verifying the user's machine IP, that is, only qualified IP can ask the directory, or deny access.
Modify the. htaccess file as follows:
AuthName "User Authentication"
AuthType Basic
authuserfile/data/web/apache/public/htdocs/phpmyadmin/.htpasswd
Require user 88998
Order Deny,allow
Deny from all
Allow from 202.100.222.80
There are three host-based access control instructions added here, the value of the first order instruction is a comma-delimited list of which instructions have higher precedence, the second instruction deny defines the host that cannot access the directory, and the third instruction allow defines the hosts that can access the directory, so , the directory can access the directory in addition to the IP address of the 202.100.222.80 machine, the other is inaccessible, the reader may put the address of the user database administrator IP.
Summary: By combining the above three points, it is very good to ensure the security of the phpMyAdmin directory, it is difficult for non-database administrators to read data through the phpMyAdmin program. Here is the talk about the phpMyAdmin directory, other directories, if you want to add access restrictions, you can also operate in this way.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
