Developing a web program under Linux, now popular development methods are: Developing a web program with a PHP, use Apache to do Web Server, Mysql acts as a background management database. This combination makes the development web program simple, safe and efficient. Since the program is running under Linux, although the copyright fee is removed, the management of the database is less than the graphical interface management tool under Windows, so it is a bit difficult to use. Now has a program written by PHP development enthusiasts to manage Linux, PHPMYADMIN can solve the ease of use of use. PhpMyAdmin is valid for the database line under Linux, and the user can create a new delete database, add, delete, modify the table structure, and table data through the web browser, and return the query statement by form, return data results. Therefore, there are now a lot of Linux servers use the phpmyadmin management database.
PHPMYADMIN is a program that is placed on the server side through the browser interface management, so make sure that its directory security is very important, otherwise the data will cause data to be stolen and even maliciously destroyed. The general prevention measures will be described in detail below.
First, modify the phpmyadmin directory name:
Before you do not modify the directory name, others can easily inspect the name of this directory and cause safety hazards. For example, assume that a domain name of a Linux host is: www.test.com, then enter the address bar in the address bar without modifying the directory name: www.test.com/phpmyadmin/ will enter the phpMyAdmin manager. So if you rename the phpMyadmin directory as a directory that others are not easy to know, such as MyNameAdmin, which, when you manage your own database, just type: www.test.com/mynameAdmin/ can manage the database. (Note: The phpmyadmin directory name will be used below, if the directory name has been changed, just rename the phpMyAdmin as a new directory name.)
Second, the user authentication is applied to the phpMyAdmin directory: This is a method that many websites require user verification, so when the user first browsing into the directory, there will be a prompt window, prompting the user to enter the username and password verification, It is implemented by using the standard mod_auth module of Apache Server, the specific method of operation is as follows:
1, VI Edit Apache Server Profile, make sure there are two sentences in the files without adding, if these two sentences have a "#" symbol, remove the "#" number. DocumentRoot / Data / Web / Apache / Public / HTDOCS AccessFileName. HTACCESS Alloerride All
2, passwd program creation user file: htpasswd - c /data/web/apache/secRects/.htpasswd 88998 where, -c means option tells htpasswd you want to generate a new user file, / data / web / apache / secRects / is You want to store the directory of the.htpasswd file, the file name is .htpasswd, 88998 is the username used when verifying, after being touched by the above command, the system prompts you to enter your password, this password is the password you need to use when verifying. This password is encrypted in the .htpasswd file. Now use more to view the /Data/web/apache/secRects/.htpasswd file, you can see that there is a row of usernames and a series of encrypted passwords.
3, create .htaccess file: Using the text editor, create a .htaccess file under the directory phpMyAdmin (if you have changed the name, it is a new directory name), add the following statement in the file: Authname "User Verification" Authty Basic Authorfile / Data / Web / Apache / PUBLIC / HTDOCS / PHPMYADMIN / HTDOCS / PHPMYADMIN / .HTPASSWDREQUIRE User 88998 After saving, then go to the phpMyAdmin directory, the prompt verification window, enter the username and password you just created with the htpasswd command to enter the directory. Third, increase the host-based access control:
After modifying the directory name and increasing the access verification mechanism, it should be said that the current phpMyAdmin is very safe, but because the phpmyadmin directory is generally only the database administrator, in order to prevent someone to know the directory name and verification password, it can also increase the following host-based host Access control, host-based access is implemented by verifying the user machine IP, i.e., only the eligible IP can be asked to ask the directory, otherwise the access is refused. Modify the .htaccess file is as follows:
Authname "User Verification" Authtype Basic Authorfile /Data/web/apache/public/htdocs/phpmyadmin/.htpasswdrequire User 88998
Order Deny, Allow Deny from all allow from 202.100.222.80
Here, three host access control instructions are added, where the value of the first ORDER directive is a list of comma, indicates which instructions have higher priority, and the second instruction DENY definition cannot access the directory. The host, the third instructions Allow definition can access the host of the directory, so that the directory can access the directory in addition to the IP address of 202.100.222.80, other users can access, the reader can put the address as a user Database admin IP.
Summary: Based on the above three points, it is possible to ensure the security of the phpmyadmin directory, and non-database administrators will be difficult to read data through the phpMyAdmin program. What is mentioned here is for the phpMyAdmin directory, and other directories need to be added to this method.
