How do you lock down phpMyAdmin?



What technique do you folks use to keep your passwords and user names out of
the phpMyAdmin config.inc file?

Thanks,

Al


0
Reply atakeoutcanton1 (26) 9/21/2003 2:49:58 PM

> What technique do you folks use to keep your passwords and user names out of
> the phpMyAdmin config.inc file.
use the http auth which is included?!

yours, dreamguard.

--
 "I am a vegetarian and a teetotaler,
 because that way I can make better use
 of my brain!"
--
Author: Thomas A. Edison (1847 - 1931)


0
Reply dreamguard (6) 9/21/2003 3:07:37 PM


In article <3f6dbea3$0$32876$91cee783@newsreader01.highway.telekom.at>,
 "Wolfgang 'Dreamguard' Nagele" <dreamguard@dreamguard.at> wrote:

> > What technique do you folks use to keep your passwords and user names out of
> > the phpMyAdmin config.inc file.
> use the http auth which is included?!

But http auth sends your username and password in the clear over the 
network.

I use 'config' authentication without the password in the config.inc.php 
like this:

I put a file (say, 'worteltje_boven.inc.php') which contains my password 
outside the document root somewhere. I define my password in that file:

define('WORTELTJE_BOVEN', 'secret_password');

I then 'require' that file at the top of the config.inc.php:

require('/path/to/worteltje_boven.inc.php');

And then I do this:

$cfg['Servers'][$i]['password'] = WORTELTJE_BOVEN;

JP

-- 
Sorry, <devnull@cauce.org> is a "spam trap".
E-mail address is <jpk"at"akamail.com>, where "at" = @.
0
Reply devnull3411 (192) 9/21/2003 3:26:38 PM
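
A guard around the `require` described in the post above, as an added example that is not part of the thread: before loading the secret file it checks that the file really resolves outside the document root and is not world-readable. The function name `secret_file_is_safe` and the paths are hypothetical, and a Unix-like host is assumed.

```php
<?php
// Added example, not code from the thread. Names and paths are placeholders.

/**
 * Return true only if $secretFile exists, resolves (after symlinks) to a
 * location outside $docRoot, and is not readable by "other" users.
 */
function secret_file_is_safe(string $secretFile, string $docRoot): bool
{
    $file = realpath($secretFile);   // false if the file does not exist
    $root = realpath($docRoot);
    if ($file === false || $root === false) {
        return false;
    }
    // Compare with a trailing separator so /var/www-secrets is not
    // mistaken for a child of /var/www.
    $rootPrefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($file, $rootPrefix, strlen($rootPrefix)) === 0) {
        return false;                // inside the document root: web-reachable
    }
    $perms = fileperms($file);
    if ($perms === false || ($perms & 0004) !== 0) {
        return false;                // world-readable, e.g. on a shared host
    }
    return true;
}

// In config.inc.php:
$secretFile = '/path/to/worteltje_boven.inc.php';
$docRoot    = $_SERVER['DOCUMENT_ROOT'] ?? '/path/to/htdocs';

if (!secret_file_is_safe($secretFile, $docRoot)) {
    // Fail closed without echoing the path or the password.
    error_log('phpMyAdmin secret file failed location/permission check');
    exit('Configuration error.');
}
require $secretFile;                 // defines WORTELTJE_BOVEN
$cfg['Servers'][$i]['password'] = WORTELTJE_BOVEN;
```

The secret file still has to be readable by the account the web server runs as, so owner or group read permission for that account must remain.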

Jan Pieter Kunst wrote:

> In article <3f6dbea3$0$32876$91cee783@newsreader01.highway.telekom.at>,
>  "Wolfgang 'Dreamguard' Nagele" <dreamguard@dreamguard.at> wrote:
> 
>> > What technique do you folks use to keep your passwords and user names out of
>> > the phpMyAdmin config.inc file.
>> use the http auth which is included?!
> 
> But http auth sends your username and password in the clear over the
> network.
> 
> I use 'config' authentication without the password in the config.inc.php
> like this:
> 
> I put a file (say, 'worteltje_boven.inc.php') which contains my password
> outside the document root somewhere. I define my password in that file:
> 
> define('WORTELTJE_BOVEN', 'secret_password');
> 
> I then 'require' that file at the top of the config.inc.php:
> 
> require('/path/to/worteltje_boven.inc.php');
> 
> And then I do this:
> 
> $cfg['Servers'][$i]['password'] = WORTELTJE_BOVEN;
> 
> JP
> 

Yes, this looks good. Why do you use a CONSTANT instead of a plain old
variable? Are they somehow more secure?

Here is something that I do for my own apps. I have a file like you have. But
instead of the real password, I run it through an encryptor that I have and
end up with something like $mypass="wouydos8737sl72lsh;als8".

I then "include" the file with these encrypted variables and run them through
the decrypt routine (a rather short PHP class) and plug that result into
session variables.

What I could do for the phpMyAdmin config is something similar. I just thought
there might be an easier way.
0
Reply atakeoutcanton1 (26) 9/21/2003 4:40:01 PM

In article <Bvkbb.1004$vS.471@newsread3.news.pas.earthlink.net>,
 "Adams-Blake Co." <atakeoutcanton@adams.takeme.out.-blake.com> wrote:

> Yes, this looks good. Why do you use a CONSTANT instead of plain old 
> variable? Are they somehow more secure?

There is no particular reason I used a constant instead of a variable in 
this case. Now that I think of it, constants may be more secure than 
variables in the sense that they can't be redefined during execution of 
the script, so there is no way that someone can maliciously change their 
values to something evil. But I don't think that applies to this 
phpmyadmin setup. (A changed value for the mysql password would simply 
not work.)

JP

-- 
Sorry, <devnull@cauce.org> is a "spam trap".
E-mail address is <jpk"at"akamail.com>, where "at" = @.
0
Reply devnull3411 (192) 9/21/2003 6:00:18 PM
