Database
phpMyAdmin
What are the different authentication types (e.g., cookie, http, config, signon) supported by phpMyAdmin?
What are the different authentication types (e.g., cookie, http, config, signon) supported by phpMyAdmin?
Jul 17, 2025 am 02:21 AM
phpMyAdmin supports a variety of authentication types, mainly including cookie authentication, HTTP authentication, Config authentication and Signon authentication. Cookie authentication temporarily stores credentials through session cookies, and requires setting blowfish key in the configuration; HTTP authentication uses a browser to pop up the login box and transmits credentials through HTTP headers; Config authentication hardcodes the username and password in the configuration file, suitable for testing environments but is not secure; Signon authentication supports integration with external systems, and requires custom login scripts; other types include Advanced login that allows manual selection of servers and Allow Deny mode based on IP control. Each type is suitable for different security and usage scenarios.
phpMyAdmin supports several authentication types, which determine how users log in and are authenticated when accessing the tool. These authentication types are configured in the config.inc.php file and control how phpMyAdmin interacts with the MySQL or MariaDB server for user login.
Here are the main authentication types supported:
1. Cookie Authentication ( cookie )
This is one of the most commonly used authentication methods in phpMyAdmin. When you use cookie authentication, you're prompted to enter a username and password each time you log in, and phpMyAdmin stores your credentials in a session cookie during the login process (not on disk).
- It's more secure than config because it requires actual login
- Uses PHP sessions to store credentials temporary
- Recommended if you're exposing phpMyAdmin publicly
To enable cookie auth, you need to set a blowfish secret in your configuration:
$cfg['blowfish_secret'] = 'your_secret_here'; // Needs to be 32 characters long
You'll also set:
$cfg['Servers'][$i]['auth_type'] = 'cookie';
2. HTTP Authentication ( http )
This method uses HTTP basic authentication to prompt users for a username and password before they even reach the phpMyAdmin interface. The credentials are passed via the HTTP headers.
- Browser-level login popup
- Credentials not sent through HTML forms
- Can be combined with web server authentication (eg, Apache htpasswd)
Use this line in your config:
$cfg['Servers'][$i]['auth_type'] = 'http';
Note: This method can be less convenient if you're managing multiple servers or want a unified login experience within phpMyAdmin itself.
3. Config Authentication ( config )
In config authentication, the username and password are hard-coded directly into the config.inc.php file.
- No login screen show
- Automatically logs you in as the configured user
- Fast and easy but very insecure for production environments
Typical setup:
$cfg['Servers'][$i]['auth_type'] = 'config'; $cfg['Servers'][$i]['user'] = 'root'; $cfg['Servers'][$i]['password'] = 'your_password';
Warning : Never use this on public-facing installations — anyone with access to phpMyAdmin will automatically have full database access.
4. Signon Authentication ( signon )
This is a special mode that allows integration with external authentication systems. You can use it when you want to authenticate users via a custom script or single sign-on system.
- Requires setting up a PHP script to handle login logic
- Useful for embedding phpMyAdmin in an existing app with its own auth system
- Most flexible but needs extra development work
Basic example:
$cfg['Servers'][$i]['auth_type'] = 'signon'; $cfg['Servers'][$i]['SignonSession'] = 'CustomAuthSessionName'; $cfg['Servers'][$i]['SignonURL'] = 'https://your-app/login.php';
Your application must manage the session and inject the correct username/password before redirecting to phpMyAdmin.
Other Types
There are also a couple of less commonly used types:
- Advanced Login (
advanced) : Allows selecting a server and entering credentials manually, useful for multi-server settings. - Allow Deny (
deny/allow) : Not an authentication type per se, but related to IP-based access control.
Each authentication type serves different security and usability needs. For most typical settings, cookie authentication is the best balance between usability and security.
Basically that's it.
The above is the detailed content of What are the different authentication types (e.g., cookie, http, config, signon) supported by phpMyAdmin?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
How to disable private browsing authentication in Safari: How-to guide for iOS 17
Sep 11, 2023 pm 06:37 PM
In iOS 17, Apple introduced several new privacy and security features to its mobile operating system, one of which is the ability to require two-step authentication for private browsing tabs in Safari. Here's how it works and how to turn it off. On an iPhone or iPad running iOS 17 or iPadOS 17, if you have any Private Browsing tab open in Safari and then exit the session or app, Apple's browser now requires Face ID/TouchID authentication or a passcode to access again they. In other words, if someone gets their hands on your iPhone or iPad while it's unlocked, they still won't be able to view it without knowing your passcode
How to implement single sign-on in PHP
Jun 11, 2023 pm 07:01 PM
Single sign-on (SSO) is an authentication mechanism that allows users to authenticate across multiple applications and sites using a single set of credentials, such as a username and password. This mechanism can improve user experience and efficiency while also enhancing security. In PHP, implementing single sign-on requires some specific methods. Below we will introduce how to implement single sign-on in PHP. We will divide it into the following steps: Create a user authentication center (AuthenticationCenter) using OAuth2
Implementing user authentication using middleware in the Slim framework
Jul 29, 2023 am 10:22 AM
Implementing user authentication using middleware in the Slim framework With the development of web applications, user authentication has become a crucial feature. In order to protect users' personal information and sensitive data, we need a reliable method to verify the user's identity. In this article, we will introduce how to implement user authentication using the Slim framework’s middleware. The Slim framework is a lightweight PHP framework that provides a simple and fast way to build web applications. One of the powerful features is the middle
Token-based authentication with Angular and Node
Sep 01, 2023 pm 02:01 PM
Authentication is one of the most important parts of any web application. This tutorial discusses token-based authentication systems and how they differ from traditional login systems. By the end of this tutorial, you will see a fully working demo written in Angular and Node.js. Traditional Authentication Systems Before moving on to token-based authentication systems, let’s take a look at traditional authentication systems. The user provides their username and password in the login form and clicks Login. After making the request, authenticate the user on the backend by querying the database. If the request is valid, a session is created using the user information obtained from the database, and the session information is returned in the response header so that the session ID is stored in the browser. Provides access to applications subject to
Using JWT to implement authentication in Beego
Jun 22, 2023 pm 12:44 PM
With the rapid development of the Internet and mobile Internet, more and more applications require authentication and permission control, and JWT (JSON Web Token), as a lightweight authentication and authorization mechanism, is widely used in WEB applications. Beego is an MVC framework based on the Go language, which has the advantages of efficiency, simplicity, and scalability. This article will introduce how to use JWT to implement authentication in Beego. 1. Introduction to JWT JSONWebToken (JWT) is a
How to use permission control and authentication in C#
Oct 09, 2023 am 11:01 AM
How to use permission control and authentication in C# requires specific code examples. In today's Internet era, information security issues have received increasing attention. In order to protect the security of systems and data, permission control and authentication have become an indispensable part for developers. As a commonly used programming language, C# provides a wealth of functions and class libraries to help us implement permission control and authentication. Permission control refers to restricting a user's access to specific resources based on the user's identity, role, permissions, etc. A common way to implement permission control is to
How the uniapp application implements face recognition and identity verification
Oct 18, 2023 am 08:03 AM
How uniapp applications implement face recognition and identity verification In recent years, with the rapid development of artificial intelligence technology, face recognition and identity verification have become important functions in many applications. In uniapp development, we can use the cloud functions and uni-app plug-ins provided by uniCloud cloud development to implement face recognition and identity verification. 1. Preparations for the implementation of face recognition First, we need to introduce the uni-app plug-in uview-ui and add it to the manifest.jso of the project
Best practices for using OAuth2 for authentication in Go
Jun 17, 2023 pm 12:13 PM
Best Practices for Using OAuth2 for Authentication in Go Language Using OAuth2 for user authentication is very common in modern web applications. This is a standard protocol that facilitates authorized access to protected resources by third-party applications. The Go language has powerful libraries that support OAuth2, allowing developers to easily implement the OAuth2 process. However, using the OAuth2 protocol correctly is not easy. This article aims to provide information on using OAuth2 for identity in Go language
