如何在mysql中隐藏信息模式

时间:2013-02-10 01:03:14

标签: php mysql database

我想隐藏所有细节(表格结构,数据库设计等)。我是如何做到这一点的,我在谷歌搜索并获得了一些信息。

由此,我更改了config.inc.php的内容:

<?php

 /* Servers configuration */
 $i = 0;

 /* Server: localhost [1] */
 $i++;
 $cfg['Servers'][$i]['verbose'] = 'localhost';
 $cfg['Servers'][$i]['host'] = 'localhost';
 $cfg['Servers'][$i]['port'] = '';
 $cfg['Servers'][$i]['socket'] = '';
 $cfg['Servers'][$i]['connect_type'] = 'tcp';
 $cfg['Servers'][$i]['extension'] = 'mysqli';
 $cfg['Servers'][$i]['auth_type'] = 'config';
 $cfg['Servers'][$i]['user'] = 'root';
 $cfg['Servers'][$i]['password'] = '';
 $cfg['Servers'][$i]['AllowNoPassword'] = true;
 $cfg['Servers'][$i]['hide_db'] = 'information_schema';

 /* End of servers configuration */

 $cfg['DefaultLang'] = 'en-utf-8';
 $cfg['ServerDefault'] = 1;
 $cfg['UploadDir'] = '';
 $cfg['SaveDir'] = '';


/* rajk - for blobstreaming */
$cfg['Servers'][$i]['bs_garbage_threshold'] = 50;
$cfg['Servers'][$i]['bs_repository_threshold'] = '32M';   
$cfg['Servers'][$i]['bs_temp_blob_timeout'] = 600;
$cfg['Servers'][$i]['bs_temp_log_threshold'] = '32M';


?>

但是,当我去

http://localhost/phpmyadmin/index.php?db=mysql&token=df40bf81f38ce55621e179517c212d62

我可以看到所有信息。

对此有何解决方案?

2 个答案:

答案 0 :(得分:2)

已经隐藏了。它可用的原因是:

  • 您有 root 密码。
  • 您尚未退出会话,因此会验证包含会话信息的Cookie,并且您将自动重定向到信息(数据库,表)。这是为了避免每次刷新时都登录。

另外,请查看“allownopassword”条目,如果设置为true,则允许没有密码的人登录。尝试将其设置为false。

在MySQL中设置root密码(以及根密码变量..我 高度 建议不要将密码放在php文件中。)

如果您从未为MySQL服务器设置root密码,则服务器允许您在没有密码的情况下识别为root。要创建root密码,请在shell中输入:

$ mysqladmin -u root password NEWPASSWORD



<?php

 /* Servers configuration */
 $i = 0;

 /* Server: localhost [1] */
 $i++;
 $cfg['Servers'][$i]['verbose'] = 'localhost';
 $cfg['Servers'][$i]['host'] = 'localhost';
 $cfg['Servers'][$i]['port'] = '';
 $cfg['Servers'][$i]['socket'] = '';
 $cfg['Servers'][$i]['connect_type'] = 'tcp';
 $cfg['Servers'][$i]['extension'] = 'mysqli';
 $cfg['Servers'][$i]['auth_type'] = 'config';
 $cfg['Servers'][$i]['user'] = 'root'; // If you're going to use ROOT for ALL WORK, set a root password and put it below.
 $cfg['Servers'][$i]['password'] = 'PASSWORD';
 $cfg['Servers'][$i]['AllowNoPassword'] = false; // False!
 $cfg['Servers'][$i]['hide_db'] = 'information_schema';

 /* End of servers configuration */

 $cfg['DefaultLang'] = 'en-utf-8';
 $cfg['ServerDefault'] = 1;
 $cfg['UploadDir'] = '';
 $cfg['SaveDir'] = '';


/* rajk - for blobstreaming */
$cfg['Servers'][$i]['bs_garbage_threshold'] = 50;
$cfg['Servers'][$i]['bs_repository_threshold'] = '32M';   
$cfg['Servers'][$i]['bs_temp_blob_timeout'] = 600;
$cfg['Servers'][$i]['bs_temp_log_threshold'] = '32M';


?>

顺便说一下,config没有密码保护phpMyAdmin;任何访问正确URL的人都会直接登录并可以操作您的服务器。

制作.htaccess文件以防止这种情况!

Order Deny,Allow
Deny from All
Allow from YourIPAddress

答案 1 :(得分:0)

编辑config.inc.php:

$cfg['Servers'][$i]['hide_db'] = '^information_schema|mysql|performance_schema|test$'; 
if(in_array($_GET['db'], array('information_schema', 'mysql', 'performance_schema', 'test'))) {
    exit;
}
相关问题
最新问题