3. Secure users (pma included), Tutorial

Share it

Learn to Secure the pma user and the rest

Steps:

start MySQL
access phpMyAdmin
edit pma user's privileges
add a password
save & test
check other users

Video demonstration XAMPP: Secure users (pma included)

3. Secure users (pma included), Tutorial

min	video details
00:03	connect to phpMyAdmin
00:07	provide the user and the password If you want to know how to password protect phpMyAdmin, click here for a video demo
00:19	click on Users menu to check user's privileges
00:24	note: pma user has No password
00:29	test: indeed, we can connect to phpMyAdmin with 'pma' user and no password
00:38	reconnect to phpMyAdmin with 'root' user which is the ADMIN user, meaning you have ADMIN RIGHTS, you are able to add a password to 'pma' user
00:51	select the user and click on 'Edit Privileges' button
01:03	add a password for pma user
01:08	save it (click on 'GO' button)
01:24	refresh
01:25	pma user has now a password set
01:30	check the message "Connection to controluser as defined in your configuration failed"
01:37	stop MySQL server, we will modify phpMyAdmin's configuration file 'config.inc.php'
01:48	open 'config.inc.php' file with a text editor ; e.g. Notepad++
01:53	type in the password for the pma user and save file
02:02	restart MySQL
02:09	open phpMyAdmin
02:16	test for 'pma' user: unable to connect without a password
02:37	reconnect to phpMyAdmin with admin rights ('root' user) to check for other vulnerabilities
02:54	another user: 'any' with no password, it means 'any user could connect with no password'
03:02	test ok: fill in whatever you want for 'Username' field and leave blank the 'Password' field
03:18	another test ok
03:38	let's fix this: reconnecting to phpMyAdmin with admin rights and remove the 'any' user from Users table
04:05	another test ok: we are no longer able to connect using some random user and no password