aboutsummaryrefslogtreecommitdiff
path: root/databases/phpmyadmin/files/pkg-message.in
blob: c59745d76ae761a882dc54f7bc236fe34e5d5095 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
[
{ type: install
  message: <<EOM
%%PKGNAME%% has been installed into:

    %%WWWDIR%%

Please edit config.inc.php to suit your needs.

To make phpMyAdmin available through your web site, I suggest
that you add something like the following to httpd.conf:

For Apache versions earlier than 2.4:

    Alias /phpmyadmin/ "%%WWWDIR%%/"

    <Directory "%%WWWDIR%%/">
	Options none
	AllowOverride Limit

	Order Deny,Allow
	Deny from all
	Allow from 127.0.0.1 .example.com
    </Directory>

For Apache version 2.4.x or above:

    Alias /phpmyadmin/ "%%WWWDIR%%/"

    <Directory "%%WWWDIR%%/">
	Options None
	AllowOverride Limit

	Require local
    	Require host .example.com
    </Directory>

SECURITY NOTE: phpMyAdmin is an administrative tool that has had several
remote vulnerabilities discovered in the past, some allowing remote
attackers to execute arbitrary code with the web server's user credential.
All known problems have been fixed, but the FreeBSD Security Team strongly
advises that any instance be protected with an additional protection layer,
e.g. a different access control mechanism implemented by the web server
as shown in the example.  Do consider enabling phpMyAdmin only when it
is in use.
EOM
}
]