12
Thanks "mOnty" reply, there maybe little misunderstanding...
The issues originated from mainfile.php and the 'hole' I refer to 'the hardcoded username/password at mainfile.php'
If somebody read username/password, then I afraid they can make use of phpMyadmin through browser to access the DB! So, I wanna ask if there are any security comments/alternatives about this hardcode?
Quote:
m0nty wrote:
Quote:
danielh2o wrote:
In my case, need to use phpMyadmin from browser to accerss DB, so I afraid someone (can read sensitive info. from mainfile.php) can get this hole.
what hole?
i access phpmyadmin via my browser along with every1 else who uses phpmyadmin, i can't understand your issue of being afraid of mainfile being read by using phpmyadmin??
phpmyadmin needs to be in a secure section of your site anyway if your control panel doesn't have phpmyadmin installed, and the username and password are also in the phpmyadmin config files.. which is why the phpmyadmin folder shud be protected. most servers are setup so that only scripts originating from your own server can access the MySQL database.. any outside connections will be refused.. which means even if somebody does read your mainfile.php file there aint much they can do with it anyway as all attempts to connect to the database will be refused if they aren't from scripts on your server..
