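I want to hide all the details (table structure, database design, etc.). How do I do this? I searched on Google and found some information.
Based on that, I changed the contents of config.inc.php: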
<?php
/* Servers configuration */
$i = 0;
/* Server: localhost [1] */
$i++;
$cfg['Servers'][$i]['verbose'] = 'localhost';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['port'] = '';
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
$cfg['Servers'][$i]['hide_db'] = 'information_schema';
/* End of servers configuration */
$cfg['DefaultLang'] = 'en-utf-8';
$cfg['ServerDefault'] = 1;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
/* rajk - for blobstreaming */
$cfg['Servers'][$i]['bs_garbage_threshold'] = 50;
$cfg['Servers'][$i]['bs_repository_threshold'] = '32M';
$cfg['Servers'][$i]['bs_temp_blob_timeout'] = 600;
$cfg['Servers'][$i]['bs_temp_log_threshold'] = '32M';
?>
However, when I go to
http://localhost/phpmyadmin/index.php?db=mysql&token=df40bf81f38ce55621e179517c212d62
I can see all the information.
What is the solution for this?
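Answer 0: (score: 2)
It is already hidden. The reason it is accessible is:
Also, look at the "allownopassword" entry; if it is set to true, it allows people to log in without a password. Try setting it to false.
Set a root password in MySQL (and the root password variable... I highly recommend not putting the password in the PHP file.)
If you have never set a root password for the MySQL server, the server lets you identify as root without a password. To create a root password, enter this in the shell: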
$ mysqladmin -u root password NEWPASSWORD
<?php
/* Servers configuration */
$i = 0;
/* Server: localhost [1] */
$i++;
$cfg['Servers'][$i]['verbose'] = 'localhost';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['port'] = '';
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root'; // If you're going to use ROOT for ALL WORK, set a root password and put it below.
$cfg['Servers'][$i]['password'] = 'PASSWORD';
$cfg['Servers'][$i]['AllowNoPassword'] = false; // False!
$cfg['Servers'][$i]['hide_db'] = 'information_schema';
/* End of servers configuration */
$cfg['DefaultLang'] = 'en-utf-8';
$cfg['ServerDefault'] = 1;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
/* rajk - for blobstreaming */
$cfg['Servers'][$i]['bs_garbage_threshold'] = 50;
$cfg['Servers'][$i]['bs_repository_threshold'] = '32M';
$cfg['Servers'][$i]['bs_temp_blob_timeout'] = 600;
$cfg['Servers'][$i]['bs_temp_log_threshold'] = '32M';
?>
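By the way, config does not password-protect phpMyAdmin; anyone who visits the right URL is logged in directly and can operate your server.
Make an .htaccess file to prevent this!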
Order Deny,Allow
Deny from All
Allow from YourIPAddress
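Answer 1: (score: 0)
Edit config.inc.php:
$cfg['Servers'][$i]['hide_db'] = '^(information_schema|mysql|performance_schema|test)$'; // group the alternatives so ^ and $ apply to every name
// Stop requests that name one of the hidden databases directly in the URL
if (isset($_GET['db']) && in_array($_GET['db'], array('information_schema', 'mysql', 'performance_schema', 'test'), true)) {
    exit;
}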
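A small linter for the settings the two answers above discuss, as an added example that is not part of the original posts and not phpMyAdmin's own code: it flags auth_type 'config' combined with root or an empty password, AllowNoPassword, and a hide_db pattern whose alternatives are not grouped. The finding names, the line format it parses and the assumption that hide_db is applied as an unanchored regex search over each database name are the example's own.

```python
import re

# Constructed sample: the server settings from the question's config.inc.php.
SAMPLE = """
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
$cfg['Servers'][$i]['hide_db'] = 'information_schema';
"""

# Matches lines of the form  $cfg['Servers'][$i]['key'] = value;  (trailing // comment allowed)
SETTING = re.compile(r"\$cfg\['Servers'\]\[\$i\]\['(\w+)'\]\s*=\s*(.+?);\s*(?://.*)?$")


def parse_settings(text):
    """Return {key: value}; string quotes are stripped, bare words lowercased."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line.strip())
        if m:
            raw = m.group(2).strip()
            quoted = len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\""
            settings[m.group(1)] = raw[1:-1] if quoted else raw.lower()
    return settings


def audit(text):
    """Return sorted finding codes (names are this example's own) for one server block."""
    s, found = parse_settings(text), set()
    if s.get("auth_type") == "config":
        found.add("AUTH_CONFIG")              # no login prompt: the URL alone grants access
        if s.get("user") == "root":
            found.add("ROOT_AUTOLOGIN")       # every visitor acts as MySQL root
        if s.get("password", "") == "":
            found.add("EMPTY_PASSWORD")
    if s.get("AllowNoPassword") == "true":
        found.add("ALLOW_NO_PASSWORD")
    hide = s.get("hide_db", "")
    # Heuristic: alternation present but not wrapped as ^( ... )$
    if "|" in hide and not re.fullmatch(r"\^\(.*\)\$", hide):
        found.add("HIDE_DB_UNGROUPED")        # ^ and $ bind to the first/last alternative only
    return sorted(found)


def hidden(pattern, names):
    """Names an unanchored regex search would hide (assumed matching behaviour)."""
    return [n for n in names if re.search(pattern, n)]


if __name__ == "__main__":
    print(audit(SAMPLE))
    print(hidden("^information_schema|mysql|performance_schema|test$", ["mysql", "mysql_backup", "contest", "shop"]))
```

Setting a password and AllowNoPassword = false clears two findings, but AUTH_CONFIG and ROOT_AUTOLOGIN remain, which is why the first answer adds an .htaccess restriction on top.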