How are you locking down your phpmyadmin access?

[Rob]

There are a couple of ways that I lock it down.. I won't get into specifics because I don't want you (or you!) trying to find it..

Rename your phpmyadmin alias:
Edit: /etc/httpd/conf.d/phpmyadmin.conf

Look for:

Code:

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias phpMyadmin /usr/share/phpmyadmin

(or something like that... )

and change it to something like:

Code:

Alias /supersecret456 /usr/share/phpmyadmin

Restrict access to your known ip address:
Edit /etc/httpd/conf/phpmyadmin.conf

At the top of the file you'll see something like:

Code:

<Directory "/usr/share/phpmyadmin">
  Order Deny,Allow
  Deny from all
  Allow from 127.0.0.1
</Directory>

Modify it to only allow the ip addresses that you'll connect from:

Code:

<Directory "/usr/share/phpmyadmin">
  Order Deny,Allow
  Deny from all
  Allow from 127.0.0.1
  Allow from 70.100.100.100
  Allow from 70.200.200.200
</Directory>

Restart apache and test it out!

[Darwin]

Lockdown achieved!

[flotwig]

I don't really. I don't have it aliased from anywhere and the directory's fairly hidden. On top of that you'd need to know the MySQL deets to log in, and every database has it's own nonsense user and it's own nonsense password, custom-generated ones like these:

Code:

ma=[x5@&Mh}$]#,FVmBjaUZ}s>x8i)Vh*j6:kKZ5l<MLRzLN|=
qGMzLFvK[A2(axD=lEO-nkvx\Xl#iiJV,GWUHeCM?z-HfF!k?s
a,RsauSs,7:9)tXz7hwv\9%1-5I#}y<{XN}yH$!&2G]t;[Az4,

On top of that MySQL's localhost-only and I only run custom code in an effort to avoid zero-day exploits.