This is done with:
$cfg['Servers'][$i] ['SignonURL'] = 'http://www.mydomain.com/
FirstApp';
How does the authenticating application store credentials in a format that
phpMyAdmin can understand? An example is included as scripts/signon.php.
In this script, there is a simple HTML form to input the credentials and logic that
initializes the session??”we would use FirstApp as a session name??”and creates the
user, password, and host information into this session:
$_SESSION['PMA_single_signon_user'] = $_POST['user'];
$_SESSION['PMA_single_signon_password'] = $_POST['password'];
$_SESSION['PMA_single_signon_host'] = $_POST['host'];
Note that FirstApp does not need to ask the MySQL's credentials to the user. These
could be hard-coded inside the application because they are secret or there is a known
correspondence between this application's credentials and MySQL's ones.
The authenticating application then uses a way of its choosing??”a link or button??”to
let its users start phpMyAdmin.
Security
Security can be examined at various levels:
Directory-level protection for phpMyAdmin
IP-based access control
The databases that a legitimate user can see
In-transit data protection
Directory-Level Protection
Suppose an unauthorized person is trying to execute our copy of phpMyAdmin. If
we used the simple config authentication type, anyone knowing the URL of our
phpMyAdmin will have the same effective rights on our data as us.
Pages:
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63