If you use this component on a production web site you must secure the /administrator/components/com_joommyadmin/phpmyadmin directory.

If you don't have web server knowledges, please contact your system administrator to configure the protection.

Read the following steps depending on your web server:

1 - The production web site is hosted by an internet provider or I don't have access to the Apache configuration settings
2 - I host the production web site on my own Apache server or I have access to the Apache configuration settings
3 - I host the production web site on Microsoft IIS or other web server
4 - Configuration problems
5 - Links

1 - The production web site is hosted by an internet provider or I don't have access to the Apache configuration settings

You must connect to your internet provider web administration console, that manages the web site.
Then on the system file, navigate to the /administrator/components/com_joommyadmin/phpmyadmin directory.
There must be an option that allows you to protect the directory by using/creating /.htaccess file.
This option will automatically generate the /.htaccess file with a user and encrypted password.

2 - I host the production web site on my own Apache server or I have access to the Apache configuration settings

Delivered with this component, there is a documentation with sample files on how to secure the directory under Apache: /administrator/components/com_joommyadmin/secureit.
Execute the following steps to secure the /administrator/components/com_joommyadmin/phpmyadmin directory:

In the following example we use the following structure:

/root/ : root disk
/wwwroot/ : web site root document directory, specified in the Apache configuration by the <Directory> tag
  /mywebsite/ : production web site root directory
    /administrator/
      /components/
        /com_joommyadmin/
          /phpmyadmin/
            /.htaccess : access protection file to the phpMyAdmin directory
/secureit/ : secure directory, see "Step 1"
  /.htpasswd : file containing user and encrypted password information

1. Create a directory [/secureit/] outside of the production web site root directory [/mywebsite/].
   It is recomanded to create this directory outside from the web root directory [/root/].
2. Locate your htpasswd.exe file, that is by default under the /Apache/bin/ directory.
3. Execute your command line tool and go to the /Apache/bin/ directory.
4. Execute the htpasswd.exe file to create the .htpasswd file with a user and encrypted password into the directory created at "step 1".
• Command line to create a new file with a user: htpasswd -c [pathToDirectory]/.[htpasswdFileName] [userName]
• Sample: htpasswd -c /root/secureit/.htpasswd admin
• Command line to add a user to an existing file: htpasswd [pathToDirectory]/.[htpasswdFileName] [userName]
• Sample: htpasswd /root/secureit/.htpasswd admin
5. Copy the .htaccess file from the /administrator/components/com_joommyadmin/securit directory to the /administrator/components/com_joommyadmin/phpmyadmin directory.
6. Edit the .htaccess file from the /administrator/components/com_joommyadmin/phpmyadmin directory.
7. Replace the tag value [Path_to_htpasswd_file] by the full path to the directory [/secureit/] created at "Step 1".
• Sample: AuthUserFile /root/secureit/.htpasswd
8. Save and close the .htaccess file.
9. You must now protect your files by using the chmod command line tool or with a FTP tool by right-clicking on the file and select the file attributes menu.
   • .htpasswd file as 640 (rw-r-r)
   • .htaccess file as 644 (rw-r--)
10. Your /administrator/components/com_joommyadmin/phpmyadmin directory is now secured with a user and password.
    When you access the Joomla! administration menu joomMyAdmin/PHPMyAdmin Control Panel, you are now asked to enter the user/password like created in "Step 4".
11. You can define more than one user to access this directory, by executing the htpasswd.exe command line tool, like described in "Step 4 - add a user to an existing file".

3 - I host the production web site on Microsoft IIS or other web server

Contact your system administrator or read your web server specific documentation.

4 - Configuration problems

On some server you can have errors depending on the server configuration.

For example : Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}'

Please try to add the following lines at the begining of the .htaccess file.

SetEnv PHP_VER 5
SetEnv REGISTER_GLOBALS 0
SetEnv ZEND_OPTIMIZER 1
SetEnv MAGIC_QUOTES 0

5 - Links

• Apache documentation: http://httpd.apache.org/
• Apache htaccess documentation: http://httpd.apache.org/docs/2.2/howto/htaccess.html
• Apache htpasswd documentation: http://httpd.apache.org/docs/2.2/programs/htpasswd.html