by Sharley » 08. October 2008 01:45
You don't set a password for the user pma as that user's privileges are set to only SHUTDOWN phpMyAdmin.
Check the pma user privileges, after a login using your root user credentials, by clicking on the little edit icon next to pma under the heading Privileges in phpMyAdmin and make sure that SHUTDOWN is the only privilege ticked (available) to the pma user - Global Privileges - SHUTDOWN only.
Thats as secure as it gets for user pma as it now can only shutdown phpMyAdmin and that is why a password for the pma user will give errors as there is no where to enter a password when shutting down phpMyAdmin.
You will find when you login using pma with no password that this user can do nothing in phpMyAdmin to cause any damage to your MySQL databases period, no matter where he gains access from.
Of course if the root user gives the pma user more privileges in phpMyAdmin then you have created a very dangerous security risk.
The root user is the only user that can change the pma privileges and is why you should never use the root user's credentials when creating databases for other scripts like blogs and forums etc. - they should always have their own individual user/pass combination with specific privileges to each database created.