php 如何限制对phpmyadmin的访问?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3687940/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to restrict access to phpmyadmin?
提问by nan
Possible Duplicate:
How to secure phpMyAdmin
可能重复:
如何保护 phpMyAdmin
I use phpmyadmin to preview the database of my website. However, everyone can access the login page of my phpmyadmin by simply typing example.com/phpmyadmin
我使用 phpmyadmin 来预览我网站的数据库。但是,每个人都可以通过简单地输入来访问我的 phpmyadmin 的登录页面example.com/phpmyadmin
I am not an expert in network security but I assume this isn't very secure.
我不是网络安全方面的专家,但我认为这不是很安全。
How can I restrict the access to the login page(maybe creating some alias like example.com/a4ebb72d).
I heard about allowing access only for specified IPs, but it won't help because I have dynamically assigned IP.
我如何限制对登录页面的访问(可能创建一些别名example.com/a4ebb72d)。我听说只允许对指定的 IP 进行访问,但这无济于事,因为我已经动态分配了 IP。
I'd be thankful for your tips.
我会很感激你的提示。
回答by Lekensteyn
Exposing any part of phpMyAdmin is a potential risk. You could use Apache's Allow/Deny directives:
暴露 phpMyAdmin 的任何部分都存在潜在风险。您可以使用 Apache 的允许/拒绝指令:
Order Deny,Allow
Deny from All
Allow from 12.34.56.78
Replace 12.34.56.78with your IP address, and put this in a .htaccess file in your phpMyAdmin folder.
替换12.34.56.78为您的 IP 地址,并将其放入 phpMyAdmin 文件夹中的 .htaccess 文件中。
回答by polemon
I'd make that server listen on 127.0.0.1and then use port forwarding with SSH...
我会让那个服务器监听127.0.0.1,然后使用 SSH 端口转发......
Make sure, the server serving phpMyAdmin only serves to 127.0.0.1, and then run
确定,服务phpMyAdmin的服务器只服务到127.0.0.1,然后运行
$ ssh -L4545:localhost:80 yourserver.com
and then point your browser to http://127.0.0.1:4545/phpmyadmin, you should be able to access phpmyadmin as long as your SSH session is active. You can even make a shell script to automate this.
然后将浏览器指向http://127.0.0.1:4545/phpmyadmin,只要您的 SSH 会话处于活动状态,您就应该能够访问 phpmyadmin。您甚至可以制作一个 shell 脚本来自动执行此操作。
This works with PuTTY as well.
这也适用于 PuTTY。
回答by Josh Leitzel
As you said, you can change the name of the directory to be something that is not easily guessable.
正如您所说,您可以将目录名称更改为不易猜测的名称。
You can also place the directory (or a parent directory, if you can't do it in the phpmyadmindirectory directly) under password protection using .htaccess. Regardless of this perceived enhanced security, it's probably not going to be much more secure. After all, phpMyAdmin requires a login and a password just as much as .htaccesswould, so if you use weak passwords or password practices, you're still just as vulnerable, so obviously make sure that both user/password combinations are both unique and strong.
您也可以放置的目录(或父目录,如果你不能在做phpmyadmin目录直接)下的密码保护使用.htaccess。不管这种感知增强的安全性如何,它可能不会更安全。毕竟,phpMyAdmin 和密码一样需要登录名和密码.htaccess,所以如果您使用弱密码或密码实践,您仍然同样容易受到攻击,因此显然要确保两个用户/密码组合都是唯一且强大的。
The best thing you can do is ensure that all your phpMyAdmin users/passwords are secure and that you only entrust them to people you trust. Keep in mind that phpMyAdmin allows for the dropping of tables and entire databases, so keep regular backups and continually ensure the integrity of the data on your server, because in reality hiding the directory name or placing it behind another login barrier is only worthwhile if your password practices are as secure as possible to begin with.
您能做的最好的事情是确保您所有的 phpMyAdmin 用户/密码都是安全的,并且您只将它们委托给您信任的人。请记住,phpMyAdmin 允许删除表和整个数据库,因此请定期备份并不断确保服务器上数据的完整性,因为实际上隐藏目录名称或将其放置在另一个登录屏障之后才值得密码实践一开始就尽可能安全。
回答by Adam
I suppose you could install phpMyAdmin in a directory behind a firewall so that only users with inside access could get to it.
我想您可以将 phpMyAdmin 安装在防火墙后面的目录中,以便只有具有内部访问权限的用户才能访问它。
