Up until now I can't figure out why is phpmyadmin inaccessible when I put a password on the root user.
But I've seen someone accessing phpmyadmin and inputting a username and password. How do I do that, so that I can access phpmyadmin even when I put a password to the root user. Because maybe by default the login form is inaccessible. Do I have to write my own php code to have that kind of login form?
take a look at phpmyadmin documentation there is some options about authentication.
quote from the relevant part of the documentation
$cfg['Servers'][$i]['auth_type']
string
['HTTP'|'http'|'cookie'|'config'|'signon']
Whether config or cookie or HTTP or
signon authentication should be used
for this server. 'config'
authentication ($auth_type = 'config')
is the plain old way: username and
password are stored in config.inc.php.
'cookie' authentication mode
($auth_type = 'cookie') as introduced
in 2.2.3 allows you to log in as any
valid MySQL user with the help of
cookies. Username and password are
stored in cookies during the session
and password is deleted when it ends.
This can also allow you to log in in
arbitrary server if
$cfg['AllowArbitraryServer'] enabled.
'HTTP' authentication (was called
'advanced' in previous versions and
can be written also as 'http')
($auth_type = 'HTTP') as introduced in
1.3.0 allows you to log in as any valid MySQL user via HTTP-Auth.
'signon' authentication mode
($auth_type = 'signon') as introduced
in 2.10.0 allows you to log in from
prepared PHP session data. This is
useful for implementing single signon
from another application. Sample way
how to seed session is in signon
example: scripts/signon.php. You need
to configure session name and signon
URL to use this authentication method.
Please see the install section on
"Using authentication modes" for more
information.
I think you want to use the 'http' one.
Related
I'm new to CAS.
I like to authenticate user to the list of users inside the Mysql database. I have included this line of code in the build.gradle file
implementation "org.apereo.cas:cas-server-support-jdbc:${project.'cas.version'}"
Here is the table defination in Mysql.
I have setup an instance of CAS 6.4 in Ubuntu server, disabled static user authentication and configure the /etc/cas/config/cas.properties to use Mysql as data source for authentication as config below, all other settings leave as default:
server.name=https://id.example.com
server.prefix=${cas.server.name}/
server.context-path=/ server.port=443
server.ssl.key-store=file:/etc/cas/theKeystore
server.ssl.key-store-password=theKeystorePassword
server.ssl.key-password=thePassword
logging.config=file:/etc/cas/config/log4j2.xml
cas.authn.accept.enabled=false
cas.authn.jdbc.query[0].driver-class: com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].field-password: password
cas.authn.jdbc.query[0].password: theDBPassword
cas.authn.jdbc.query[0].sql: SELECT * FROM users WHRE uid=?
cas.authn.jdbc.query[0].url: jdbc:mysql://localhost:3306/cas?useUnicode=true&characterEncoding=utf-8&autoReconnect=true
cas.authn.jdbc.query[0].user: theDBUser
I have set global general_log on Mysql to ON to trace any connection attempt. However, it seems the CAS server never try to connect to the Mysql server. On user site, they simply received attempt failed message on login page.
Is there anything I've missed?
It seems that instead of using
com.mysql.jdbc.Driver
I need to use
com.mysql.cs.jdbc.Driver
as driver-class.
I work in an organization that is performing the config review of their RDS MySQL Instance.
The review requires me to check if the access to the database is granted only after a secure authentication.
Is there a way to check if this is violated in any way?
Thank You
Edit: Let us ignore the "secure" part... There must be authentication using the credentials always and for every user
Depending how "Secure authentication" defined.
Look at SELECT CURRENT_USER() and examine tables for anonymous users.
Is TLS based authentication required? If so examine that in the connection \s from mysql client. Attempt to connection without the TLS, or without the client cert, or with a different client certificate as tests of this.
Customer is running Invantive Data Hub and has recently upgraded. The batch file used to include the following:
/password:PASSWORD
But the use of unencrypted seems no longer supported; I must provide an encrypted password instead. Invantive Data Hub reports:
itgendhb079 This script uses a non-encrypted password. Please use an encrypted password instead.
How can I encrypt the password? I seem unable to find a menu option for it.
You can create an encrypted version of the password by executing the following in the Query Tool or Data Hub:
local encrypt password
and then pressing enter (Data Hub) or ctrl+enter (Query Tool).
A window will appear with the currently used password filled-in when available, signalled by ***.
Please note that the encrypted password is encrypted using a device-specific key. So you can only use it on the device on which you generated the encrypted password.
As I just discovered eJabberd, when setting the authentication to internal.
Where would the logic of authentication be? or it will just match username with password in the mnesia DB?
Also, when registering a user, for example: using elixir, register a user would be as:
:ejabberd_auth.try_register("test", "localhost", "passw0rd")
Where would the new user be stored?
And, if authentication is external, what should I return as a response if successful or failure authentication?
Can start & use the eJabberd server without writing any server side code? if for example, all users are stored in an external db?
I have a DBD Basic Authentication setup. When I try to log into my webpage with this authentication it does not work. The error is password mismatch in the Apache error logs, and the connection to MySQL database is successful from its logs.
This is my connection string in the httpd.conf:AuthDBDUserPWQuery "SELECT Password FROM Users WHERE Username = %s"
This table does exist, and the Column names are right as far as I can see. My DB Structure stores Username and Password in plaintext. Where am I going wrong? (I am sorry I can't provide more output I am tunneling through my Universities bespoke system to access my server and it does not allow copy pasting text).
I fixed it by changing from using plaintext passwords in my DB to using the SQL Encrypt function on each password stored.