I just realized that there was a better alternative to basic authentication for Apache 2.2. According to http://httpd.apache.org/docs/2.1/howto/auth.html:
“The most common method is Basic, and this is the method implemented by mod_auth_basic. It is important to be aware, however, that Basic authentication sends the password from the client to the server unencrypted. This method should therefore not be used for highly sensitive data, unless accompanied by mod_ssl. Apache supports one other authentication method: AuthType Digest. This method is implemented by mod_auth_digest and is much more secure. Most recent browsers support Digest authentication.”
So I read http://httpd.apache.org/docs/2.1/mod/mod_auth_digest.html and http://httpd.apache.org/docs/2.1/programs/htdigest.html and did the following:
htdigest -c apachePassword phpmyadmin myUser
Answered the questions asked by htdigest and checked that a new file named apachePassword was created. After that I edited my /etc/apache2/apache2.conf file and added these:
# htdigest authentication
<Location /phpmyadmin/>
AuthType Digest
AuthName "phpmyadmin"
AuthDigestDomain /phpmyadmin/ http://myserver.com/phpmyadmin/
AuthDigestProvider file
AuthUserFile /home/myUser/apachePassword
Require valid-user
</Location>
Then I enabled auth_digest by issuing the following command: a2enmod auth_digest. Finally I checked my Apache configuration file with the apache2ctl -t command and restarted the Apache web server. Then I visited http://myserver.com/phpmyadmin and I was greeted with the Apache’s username / password dialog window before being able to see phpMyAdmin’s screen.
Andy
July 12, 2010 at 23:17
Thanks!