Secure phpMyAdmin in Linux, Azure Virtual Machine

Learn how we can install and configure phpmyadmin, there are some security issues with it lets discuss them and there solutions.

Security


phpMyAdmin has serious security vulnerability, allowing user to exploit root on underlying virtual private network. You can prevent these attacks by just locking down the whole directory with a username and password. It will secure you phpMyAdmin.

Set up .htaccess file

In order to setup .htaccess file first you have to get access to apache.conf
  1. Sudo nano /etc/phpmyadmin/apache.conf  
You will find a Directory section all you need is to add "AllowOverride All" it will look like this. Add.
  1. <Directory /usr/share/phpmyadmin>  
  2. Options FollowSymLinks  
  3. DirectoryIndex index.php  
  4. AllowOverride All  
  5. [. . .]  
Configure .htaccess file

With this file we are able to setup a native user to access phpmyadmin.

First create .htaccess page in the phpmyadmin directory
  1. sudo nano /usr/share/phpmyadmin/.htaccess  
Now copy and paste following text in it.
  1. AuthType Basic  
  2. AuthName "Restricted File"  
  3. AuthUserFile /etc/apache2/.phpmyadmin.htpasswd  
  4. Require valid-user  
Now restart apache.
  1. sodu service apache2 restart  
Create htpasswd file

Now it's time to create valid username and password that you can remember.
  1. Sudo htpasswd –c /etc/apache2/.phpmyadmin.htpasswd username  
A prompt will ask you to enter a password and confirm password. Once you are done now restart apache.

Now access phpmyadmin it will ask you to enter username and password that you setup.