I've been trying to setup the security measures recommended in this thread and ran into a couple walls. Im running ubuntu 7.1, with the latest pma, mysql, apache2 via apt-get. I made the following changes in /etc/myphpadmin/config.inc.php
$cfg['PmaAbsoluteUri'] = 'https://example.com/obfuscation/phpmyadmin';
$cfg['Servers'][$i]['auth_type'] = 'http';
The problem is these changes are not having any effect after restarting mysql and apache. Sorry, if this is a basic question, but how am I suppose to load pma's config to have the changes take affect.
Figuring out the above, would allow pma access via browser using ssl.
My second question relates to the recommendations to use ssh to access pma. This is similar to using putty to connect to my server via command line, correct? If this is the case, does that not defeat the purpose of using a gui to interact with mysql? I've googled tuts on ssh vs ssl, securing pma, but I still think I am missing some basic points of the entire security picture. Could someone please point me in the right direction... at least, pertaining to using ssh with myphpadmin gui? Thanks.
|