[matchstick]

Hi,

Not really all that important - but I realised something about implementation of security tonight and felt this may allow something helpful (to me at least)...

I often visit PHPMyAdmin directly in form of clientdomain:port/3rdparty/phpMyAdmin/index.php (sorry, that's kinda from memory). Then prompted for a username / password (which is the same as CPanel user / pass). However, if I'm logged into Cpanel, I'm still prompted for the username and pass. If I logout of Cpanel, it doesn't log me out of PhpMyAdmin (as session stays live).

Long story short, is it therefore possible to define an alternate username / password for PhpMyAdmin. I occassionally deal with contractors; I can offer a temporary FTP account which is then easy to remove after work has commenced. I'd rather not offer full Cpanel access; never had a problem with any of them, but something about doing that, I'm not keen on. Plus, it means the hassle of a password change (which means I then have to update my paper account record and my secure online vault record). If I could define a temporary account to access PhpMyAdmin, that would be great.

Is it possible?


Thanks,
andy

[matchstick]

Hmm... this is odd - changed password for this account via WHM and can login to CPanel ok. However, on trying the direct link (as listed previously), I get an 'Access Denied' error (not the usual behaviour which is to prompt for user and pass again).

This is same as trying to access via CPanel... So it appears I've broken something by changing the password

[matchstick]

And suddenly it's working again... Sorry for multi-posting, finding this odd!

Just ignore me, I'll go back into the corner in a moment!!

[dkg]

I love it when I find people talking to themselves on a forum

I believe you are experiencing the wonders of http authentication. And, I do not believe you could have multiple username/passwords for one cPanel account.

Have you thought about just installing your own copy of phpMyAdmin? The stand-alone script asks for a MySql username/password at startup and then any databases available to that user are there to manage. The benefit of this is that you can also be running the latest version of phpMyAdmin and it can be secured anyway you like. I can't see any reason why this wouldn't work. phpMyAdmin is just another PHP script and it accesses the MySQL system just like any other PHP script.

[matchstick]

*sigh*.. It's always me that seems to do the 'one-sided-conversation' on forums too!

I think I'll need to go down that route - thankfully you're right about the simplicity of installs, past experiences have been really positive (the complexity of the script obviously led me to believe it must be a right pain to install, but it's pretty simple).

Thanks for confirming and for joining in on the thread too