3. Secure users (pma included), Tutorial
Learn to Secure the pma user and the rest
Steps:
- start MySQL
- access phpMyAdmin
- edit pma user's privileges
- add a password
- save & test
- check other users
Video demonstration XAMPP: Secure users (pma included)
3. Secure users (pma included), Tutorial
min | video details |
---|---|
00:03 | connect to phpMyAdmin |
00:07 | provide the user and the password If you want to know how to password protect phpMyAdmin, click here for a video demo |
00:19 | click on Users menu to check user's privileges |
00:24 | note: pma user has No password |
00:29 | test: indeed, we can connect to phpMyAdmin with 'pma' user and no password |
00:38 | reconnect to phpMyAdmin with 'root' user which is the ADMIN user, meaning you have ADMIN RIGHTS, you are able to add a password to 'pma' user |
00:51 | select the user and click on 'Edit Privileges' button |
01:03 | add a password for pma user |
01:08 | save it (click on 'GO' button) |
01:24 | refresh |
01:25 | pma user has now a password set |
01:30 | check the message "Connection to controluser as defined in your configuration failed" |
01:37 | stop MySQL server, we will modify phpMyAdmin's configuration file 'config.inc.php' |
01:48 | open 'config.inc.php' file with a text editor ; e.g. Notepad++ |
01:53 | type in the password for the pma user and save file |
02:02 | restart MySQL |
02:09 | open phpMyAdmin |
02:16 | test for 'pma' user: unable to connect without a password |
02:37 | reconnect to phpMyAdmin with admin rights ('root' user) to check for other vulnerabilities |
02:54 | another user: 'any' with no password, it means 'any user could connect with no password' |
03:02 | test ok: fill in whatever you want for 'Username' field and leave blank the 'Password' field |
03:18 | another test ok |
03:38 | let's fix this: reconnecting to phpMyAdmin with admin rights and remove the 'any' user from Users table |
04:05 | another test ok: we are no longer able to connect using some random user and no password |