I just discovered that in the file
/etc/dbconfig-common/phpmyadmin.conf
My database admin password is written in clear-text with no encryption.
How can I change that? I noticed online that many people are happy with this. Although I noticed that only root can see the content of this file (its permission is 600), I still would prefer not having clear passwords.
What do you suggest?
If you require any additional information, please ask.
If you are just looking for a solution for phpmyadmin, you could change it to cookie based authentication. then create .htaccess file with db username and password where pasword is stored in encrypted password file. on first call of page you will have to login once with user and password and then a cookie is stored locally so on next call you are straight in again.
procedure also described here (but for windows):
http://robsnotebook.com/xampp-builtin-security
about creating htaccess user:
http://httpd.apache.org/docs/2.2/programs/htpasswd.html
Related
After running php artisan make:auth in my laravel project, I want to test some default functions. I MANUALLY entered data in my MySQL Database:
but when I try to login to my project using the above credentials:
I am sure that I have typed it as exactlly as indicated secret123 but still unable to enter. Is there anything that I am missing? Or shall I do something to be able to manually enter data that matches credentials when I log in?
Yes, the password in the database is not plaintext (Big security no no).
You should try to hash your password with a Bcrypt hasher. I believe https://www.browserling.com/tools/bcrypt will work. Just fill in the password, rounds does not matter (as far as i know) and hash it! Then paste the has in the databse, then it should work for you!
I brought a virtual airline and for my security I would like to change the password on the myphpadmin and mySQL.
I am very new to this and I'm not sure where to find this and or do it.
any help is very welcome
Many Thanks
Your phpMyAdmin is protected by the MySQL authentication; so when you change your MySQL password it will also change for when you log in to phpMyAdmin. To do so, if you have the proper permissions, you'll see a link to "Change password" near the top of the "General settings" area of the main page. Note that in doing so, you will need to update the password in any other software that uses the same credentials, including phpMyAdmin only if you use the auth_type 'config'.
If you don't see the link, your user account doesn't have permission to change the password directly. Some web hosting providers do this (I'm not sure why) and in many of those cases, provide some external means to change your password (perhaps through their management interface). However, in those cases it depends specifically on your provider and you'd have to ask their support staff for further assistance.
Is there any way to restrict access to phpmyadmin without adding a password to root (keeping root password as null). May be using Apache configuration files or other method?
As you enter username and password in phpmyadmin authentication screen, phpmyadmin directly try to access database from given username and passwords like
$conn = new mysqli(localhost, $username, $password);
If mysql returns any Databased associate with this user than phpmyadmin show complete information about this database.
So by default it's not possible to access phpmyadmin using root password null.
But still there are two option
Create new Mysql user with all database access privilege keeping your root password null
Phpmyadmin is open-source so make changes as per your need.
Sure, you can accomplish this with the normal Apache .htaccess authentication.
For instance, your .htaccess can contain:
AuthUserFile /home/Sanjay/.htpasswd-phpmyadmin
AuthName "My custom phpMyAdmin authentication"
AuthType Basic
Require valid-user
Then you just have to create the file /home/Sanjay/.htpasswd-phpmyadmin (you can use whatever path you wish here, in fact it may not be ideal to put it under your user home directory) using the htpasswd command-line program or one of the many online tools. Make sure both files are readable by the webserver and you should be all set.
Good Day
I am a front-end developer, and I know little from MySQL and databases.
I have a Wordpress MySQL database in CPanel. Now I forgot my password, and the password for my user as seen in phpmyadmin is hashed/encrypted.
How do I get the password?
NOTE: I do not have access to the Server since this is a website on a shared hosting account, so doing the following is not possible for me:
See this post on Stack
Stop the MySQL process.
Start the MySQL process with the --skip-grant-tables option.
Start the MySQL console client with the -u root option.
List all the users;
SELECT * FROM mysql.user;
Reset password;
UPDATE mysql.user SET Password=PASSWORD('[password]') WHERE User='[username]';
But DO NOT FORGET to
Stop the MySQL process
Start the MySQL Process normally (i.e. without the --skip-grant-tables option)
when you are finished. Otherwise, your database's security could be compromised.
If your website is working you can probably find the mysql user/password
in the config.php file in your wordpress filesystem.
Otherwise:
Your best option is probably to add a user to the database and give it the needed privileges, to do that:
Click MySQL databases.
Create new user.
Assign new user to your database.
Edit config.php on your wordpress filesystem and change to the new username.
This is sub optimal, but will work.
There is a simple way for you to gain access to your WordPress user info if you don't know the password. I'm assuming you are talking about a WordPress user password retrieval. You need to have access and edit privileges to your database to do this.
-Open up phpMyAdmin or however you prefer to access database tables
-Select your database
-Open the table wp_users
-Under the column 'user_login' you will need to find which entry you want to access. Your username should be in one of the row entries.
-Once found, there will be a 'user_pass' column as well. Now some explaining needs to happen. You cannot retrieve your password without hacking/brute forcing that encryption. These are MD5 hash encrypted passwords. What we are going to do is just simply create a new password here. All you have to do is Google "MD5 Hash generator". I tested this on the first result I found and it worked.
-Once you find a website with a generator just simply type in your password and then retrieve the hash that's given to you. For example I typed in 'password' and I receive '5f4dcc3b5aa765d61d8327deb882cf99' Now we have a new encrypted password to set. If you are worried about sites saving your password entries or hashes just make up a password as a temporary fix. Then you can just login with that and change the password via the WordPress Dashboard later.
-Select the row that your username is in. Click Change/Edit then just copy and paste the entire MD5 Hash into the wp_pass column.(Overwrite the old password btw.) Save/Go/Execute to make sure the table was re-written. In this example I would be pasting '5f4dcc3b5aa765d61d8327deb882cf99' into the column without quotes of course.
-Please be sure to only change the 'wp_pass' entry and to make sure it's corresponding to the correct username.(On the same row)
-Now you should be able to login with your new password.('password')
We recently had to move one of our client's websites to a new server (unix to unix). They have a Joomla site. I followed Joomla's documentation on transferring the whole site, and did so with no problems. I downloaded all the files via FTP, I exported the database in phpMyAdmin. I uploaded all the files to the new server via FTP, and imported the database sql file into the new database with phpMyAdmin.
When I access the site, all the pages are there, all content is working exactly as it used to. The site was successfully moved.
However, now when logging in as admin to add new pages or edit current ones, it will not let us log in and says that the user name and password do not match. It's the exact same log in credentials used on the previous server and they worked there.
Any help in understanding what's going wrong? If you need me give more info, please ask and I'll provide it.
Problem with logging in could be caused by few things.
Bad admin password, so change it in #_users -> http://stepolabs.com/upload/pass.png
Problems with CHMOD, put administrator folders -r to 755
Problem with cookies, so delete it with cache in browser and on server.
If nothing above helps, read this article: http://kb.siteground.com/i_cant_log_into_the_joomla_backend_as_administrator/
Got to a md5 converter website, choose a new password, convert it to md5.
Log in to phpMyAdmin or whatever tool are you using to manipulate the database.
Open the _users table, search for your user.
Edit your user, change the password field to your new md5 encoded password and save
I have tried a lot of solution (joomla 2.5) and none of them worked... I've been able to login on the backend when I changed in configuration.php
public $session_handler = 'database';
to
public $session_handler = 'none';
I also removed the domain name in the variable public $cookie_domain = '';
If ever this help anyone else :)