Config authentication mode
- This mode is sometimes the less secure one because it requires you to fill the $cfg['Servers'][$i]['user'] and $cfg['Servers'][$i]['password'] fields (and as a result, anyone who can read your config.inc.php can discover your username and password).
- In the ISPs, multi-user installations section, there is an entry explaining how to protect your configuration file.
- For additional security in this mode, you may wish to consider the Host authentication $cfg['Servers'][$i]['AllowDeny']['order'] and $cfg['Servers'][$i]['AllowDeny']['rules'] configuration directives.
- Unlike cookie and http, this mode does not require a user to log in when first loading the phpMyAdmin site. This is by design but could allow any user to access your installation. Using some restriction method is suggested; perhaps a .htaccess file with the HTTP-AUTH directive, or disallowing incoming HTTP requests at one's router or firewall, will suffice (both of which are beyond the scope of this manual but easily searchable with Google).
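
The directives named above, combined in one config.inc.php fragment. This is an added example, not taken from the phpMyAdmin distribution; the user name pma_app, the password and the 192.0.2.0/24 range are placeholders.

```php
<?php
// Added example for config.inc.php. The account name, password and
// address range below are placeholders, not values from the manual.
$i = 0;
$i++;

$cfg['Servers'][$i]['host']      = 'localhost';
$cfg['Servers'][$i]['auth_type'] = 'config';

// Config mode stores these in clear text: anyone who can read this
// file learns them, and nobody is asked to log in.
$cfg['Servers'][$i]['user']     = 'pma_app';    // placeholder
$cfg['Servers'][$i]['password'] = 'CHANGE_ME';  // placeholder

// Weak setting, shown for comparison: an empty order disables the
// host check, so every client that reaches the page is admitted.
// $cfg['Servers'][$i]['AllowDeny']['order'] = '';
// $cfg['Servers'][$i]['AllowDeny']['rules'] = [];

// Restricted setting: with 'explicit', a client is admitted only if
// it matches an allow rule and matches no deny rule.
$cfg['Servers'][$i]['AllowDeny']['order'] = 'explicit';

// Rule format: <allow|deny> <username> [from] <ipmask>
$cfg['Servers'][$i]['AllowDeny']['rules'] = [
    'allow pma_app from localhost',
    'allow pma_app from 192.0.2.0/24',
];
```

These rules are evaluated inside phpMyAdmin, so they complement rather than replace a restriction at the web server or firewall.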