Is securing phpMyAdmin with .htaccess considered sufficient?

Question

I have just installed Linux / Ubuntu for the first time in order to learn, and to get some experience with LAMP servers.

I also installed phpMyAdmin and used an .htaccess file (stored in /usr/share/phpMyAdmin, iirc) which points to an .htpasswd file in /etc/phpMyAdmin.

Is this considered "enough" to protect phpMyAdmin from other intruders? Is there any way someone could interact with any part of phpMyAdmin without first authenticating themselves via that .htaccess username/password?

score 0 · Accepted Answer · answered Jun 30 '14 at 13:18

Securing phpMyAdmin with .htaccess is considered sufficient if you're just using Ubuntu in order to learn and get experience with LAMP servers.

However, if you were working in a corporate environment, I would suggest setting up SSL Certifications with phpMyAdmin for that extra level of security.

score 0 · Answer 2 · answered Jun 30 '14 at 13:21

If people are accessing phpmyadmin over the Internet, you should use SSL encryption for the web traffic.

If not, add a couple lines to your htaccess file that only allows connection from the LAN.

Something like the following

Order Deny,Allow
    Deny from All
    Allow from 10.253.0.1/24

Is securing phpMyAdmin with .htaccess considered sufficient?

2 Answers2