HTML, XHTML and CSS All-In-One for Dummies - Andy Harris [249]
1. Log into phpMyAdmin as normal.
The main screen looks like Figure 1-5. Note the scary warning of gloom at the bottom. You’re about to fix that problem.
Figure 1-5: Here’s the main phpMyAdmin screen with a privileges link.
2. Click the Privileges link to modify user privileges.
The new screen looks something like Figure 1-6.
3. Edit the root user.
Chances are good that you have only one user, called root (and maybe another called pma which is the phpMyAdmin user). The root account’s Password field says No. You’ll be adding a password to the root user. The icon at the right allows you to edit this record. (Hover your mouse over the small icon to see ToolTips if you can’t find it.) The edit screen looks like Figure 1-7.
4. Examine the awesome power of the root administrator.
Even if you don’t know what all these things are, root can clearly do lots of things, and you shouldn’t let this power go unchecked. (Consult any James Bond movie for more information on what happens with unfettered power.) You’re still going to let root do all these things, but you’re going to set a password so that only you can be root on this system. Scroll down a bit on the page until you see the segment that looks like Figure 1-8.
Figure 1-6: The various users are stored in a table.
Figure 1-7: You can use this tool to modify the root user’s permissions.
Figure 1-8: This area is where you add the password.
5. Assign a password.
Simply enter the password in the Password box, and then reenter it in the next box. Be sure that you type the same password twice. Follow all your typical password rules (six or more characters long, no spaces, case-sensitive).
6. Hit the Go button.
If all went well, the password changes.
7. Recoil in horror.
Try to go back to the phpMyAdmin home (with the little house icon), and something awful happens, as shown in Figure 1-9.
Don’t panic about the error in Figure 1-9. Believe it or not, this error is good. Up to now, phpMyAdmin was logging into your database as root without a password (just like the baddies were going to do). Now, phpMyAdmin is trying to do the same thing (log in as root without a password), but it can’t because now root has a password.
What you have to do is tell phpMyAdmin that you just locked the door, and give it the key. (Well, the password, but I was enjoying my metaphor.)
Figure 1-9: That message can’t be good. Maybe I should have left it vulnerable.
1. Find the phpMyAdmin configuration file.
You have to let phpMyAdmin know that you’ve changed the password. Look for a file in your phpMyAdmin directory called config.inc.php. (If you used the default XAMPP installation under Windows, the file is in C:\Program Files\xampp\phpMyAdmin\config.inc.php.)
2. Find the root password setting.
Using the text editor’s search function, I found it on line 70, but it may be someplace else in your editor. In Notepad++, it looks like Figure 1-10.
3. Change the root setting to reflect your password.
Enter your root password. For example, if your new password is myPassword, change the line so that it looks like
$cfg[‘Servers’][$i][‘password’] = ‘myPassword’; // MySQL password
Of course, myPassword is just an example. It’s really a bad password. Put your actual password in its place.
4. Save the config.inc.php file.
Save the configuration file and return to phpMyAdmin. You may need to set the file’s permissions to 644 if you’re on a Mac or Linux machine.
Figure 1-10: Here’s the username and configuration information.
5. Try getting into phpMyAdmin again.
This time, you don’t get the error, and nobody is able to get into your database without your password. You shouldn’t have to worry about this issue again, but whenever you connect to this database, you do need to supply the username and password.
Adding a user
Changing the root password is the absolute minimum security measure, but it’s not the only one. You can add various virtual users to your system to protect