Apache Friends Support Forum

Hi there,
I am trying to set up password protection on the root password and have researched it here and on other sources.

I see that you have instructions to set the 'config' line to 'cookie'
- but should i then also update the password in the line of code two lines below that, to the password I created?

In other tutorials, it says that you also need to change that line of the code and enter the password.
So i am a bit confused and don't want to mess up my install.
grateful for any clarification you might be able to give me on this.
Thanks!

You are welcome

Hi Altrea,
soooo...
am i supposed to just change the config to cookie ?
or also enter my new password in that code as well?

This is up to you. Both will work.
If you are not the only user on this computer or worried about putting any passwords as plain text then i would prefer changing the type to cookie instead of typing the password as plain text.

Ok. Thanks.
I think I understand.
If I were to enter the actual password here, it could be found by someone else using this computer by them opening the file and reading the password?
I AM the only user on this computer.
Should I also change the code that says "ALLOW_NO_PASSOWORD" to "false" instead of "true"?
would that prevent anyone from trying to log on without a password?

P.S. thanks for your help with this!
: )

Zia3000 wrote:If I were to enter the actual password here, it could be found by someone else using this computer by them opening the file and reading the password?

Correct. Any user having access to that file can read your password if it is saved in there.

Zia3000 wrote:Should I also change the code that says "ALLOW_NO_PASSOWORD" to "false" instead of "true"?

This is not neccessary in my opinion. It would prevent users to login without password. But you already setted the root password, so the only user left is the anonymous user which only has permissions to the test database.
And xampp added some extra security because phpmyadmin cannot get used from any other computer then your very own xampp server.

Altrea wrote:

Zia3000 wrote:If I were to enter the actual password here, it could be found by someone else using this computer by them opening the file and reading the password?

Correct. Any user having access to that file can read your password if it is saved in there.
ok. Thanks for confirming.

Zia3000 wrote:Should I also change the code that says "ALLOW_NO_PASSOWORD" to "false" instead of "true"?

This is not neccessary in my opinion. It would prevent users to login without password. But you already setted the root password, so the only user left is the anonymous user which only has permissions to the test database.
And xampp added some extra security because phpmyadmin cannot get used from any other computer then your very own xampp server.

This is good to know.

Hi there,

This way of setting the password didn't work for me, I have just installed the XAMPP.
This video instructs on how to reset, but it worked for the mysql first set up: https://www.youtube.com/watch?v=IEbGskM54wI&list=PLk-EmIiBIYGF8WCitdIVq7dvvacqY0rdl&index=3

Hello, I hope this topic hasn't been retired or anything, the contributions have been super helpful. I have XAMPP running on my server which is accessible on my network. I did a security check and want to include a root password. My little dilemma is that I have some important programs already running on the server. What happens to these programs if I now add a root password? Won't I then lose access to the database?

Depends on your application configuration. Do they use own created database users then you can change the root password without any problems.
If the applications use root to login to the database, you need to change the application configuration too.

Altrea wrote:Depends on your application configuration. Do they use own created database users then you can change the root password without any problems.
If the applications use root to login to the database, you need to change the application configuration too.

Okay, thank you for that. I noticed only one of the apps was affected.