Seasonal Savings: 20% off selected memberships for a limited time. Give now

Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member

Setting different database and super administrator passwords

From: Joomla! 1.5: Developing Secure Sites

Video: Setting different database and super administrator passwords

A lot of the previous best practices that we have discussed have a lot of bang for their buck. Unfortunately, this is not one of them. While important, this best practice combined with other ones will drastically reduce the risk of your web site being hacked. We're going to discuss why it is important to have a different database password than your super administrator password. The first thing we need to do is go into cPanel to create our database.

Setting different database and super administrator passwords

A lot of the previous best practices that we have discussed have a lot of bang for their buck. Unfortunately, this is not one of them. While important, this best practice combined with other ones will drastically reduce the risk of your web site being hacked. We're going to discuss why it is important to have a different database password than your super administrator password. The first thing we need to do is go into cPanel to create our database.

Once logged in, scroll down to the Databases section. Click on MySQL Databases. Create your database. In the Add New User section, we need to create a username. I will just use the username joomla. For Password, we want to create something completely cryptic. I'll explain why a little bit later. Click on the Password Generator button. As you can see, a password has been generated for us. Let's copy this, as we will need it later.

Check the box that says "I have copied this password to a safe place," and click Use Password. The password has been populated into the Password, and Password (Again) fields. Click Create User. The last step that we have to do in here is give the user permissions to access that database. In the Add User To Database, we want to select the users that we want to have access to our database. In this case, we only have one. Then we choose which database it gets access to. Again, it only has one. You may have more in this list. Click Add.

On this screen, you have to tell it which privileges this user has. For the purposes of using this user and database with Joomla!, you want to click All Privileges, and click Make Changes. The next thing we want to do is go over to the Joomla! web installer and start our installation process. We'll click Next to go past the Language screen. Next. For Host Name, we will choose localhost. The Username, going back over to cPanel, scrolling down a little bit, we can see that our user is demojoom_joomla.

I copied the password to my clipboard, so I'll just press Ctrl+V to paste that there. For the Database Name, we can go back over to cPanel, and see that our database name is the same as our username. It's demojoom_joomla. To help make this secure, we're going to change our database prefix, since we're on this screen. Then click Next. Click Next to get past the FTP Configuration screen.

For Site Name, we will type Demo Joomla! Site. I will enter my e-mail address and my admin password twice. Clicking Install Sample Data will install all of the sample data that comes with Joomla! by default. If you don't click this, you'll just have a blank site, which is fine for most experts. Click Next. The next thing we need to do is remove the Joomla! installation directory. I'm going to open up an FTP client, connect to my web site, navigate into the public_html folder, and delete the installation directory.

Some people just rename their installation directory. While this is typically safe. I wouldn't recommend that it's best to delete it completely. Now that the installation directory has been deleted, let's go back over to our Installation screen, and click Site. Now that Joomla! is installed, let's just go in and take a look and see what the two passwords look like, and see how they're different. Going back over to my FTP client, I'm going to open configuration.php.

In this file, we can see that the variable password equals something completely cryptic. This is our database password. The password we entered for our admin account was something that we could remember. Since we'll never use the database password again, it's okay to have it something completely cryptic, since we don't have to memorize it. The reason we want this password to be different than our super administrator password is that this one is stored in plain text. Later, we'll take a look at our super administrator password, and see how it's stored in the database. On its own, this isn't that big of a deal, except that if this issue is in place, and other issues are in place, a potential hacker could read your database password, log in to your database, and then make changes without your knowledge.

Something fun to do is to go into the database and see exactly how the admin password is stored. To do this, we'll go back over to cpanel. I'll click on Home. Let's scroll back down to the Database section, and click on phpMyAdmin. Selecting which database I would like, and then again, selecting the users table, we can see that our password is stored as an MD5 salted hash. This is nothing more than a fancy way of saying that your password is very secure when it is saved to the Joomla! database.

Again, there is nothing fancy about this best practice. Just knowing that you should keep your database password and your super administrator password different is really all that matters.

Show transcript

This video is part of

Image for Joomla! 1.5: Developing Secure Sites
Joomla! 1.5: Developing Secure Sites

24 video lessons · 5719 viewers

Kenneth Crowder
Author

 

Start learning today

Get unlimited access to all courses for just $25/month.

Become a member
Sometimes @lynda teaches me how to use a program and sometimes Lynda.com changes my life forever. @JosefShutter
@lynda lynda.com is an absolute life saver when it comes to learning todays software. Definitely recommend it! #higherlearning @Michael_Caraway
@lynda The best thing online! Your database of courses is great! To the mark and very helpful. Thanks! @ru22more
Got to create something yesterday I never thought I could do. #thanks @lynda @Ngventurella
I really do love @lynda as a learning platform. Never stop learning and developing, it’s probably our greatest gift as a species! @soundslikedavid
@lynda just subscribed to lynda.com all I can say its brilliant join now trust me @ButchSamurai
@lynda is an awesome resource. The membership is priceless if you take advantage of it. @diabetic_techie
One of the best decision I made this year. Buy a 1yr subscription to @lynda @cybercaptive
guys lynda.com (@lynda) is the best. So far I’ve learned Java, principles of OO programming, and now learning about MS project @lucasmitchell
Signed back up to @lynda dot com. I’ve missed it!! Proper geeking out right now! #timetolearn #geek @JayGodbold
Share a link to this course

What are exercise files?

Exercise files are the same files the author uses in the course. Save time by downloading the author's files instead of setting up your own files, and learn by following along with the instructor.

Can I take this course without the exercise files?

Yes! If you decide you would like the exercise files later, you can upgrade to a premium account any time.

Become a member Download sample files See plans and pricing

Please wait... please wait ...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.


Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ .

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.


Mark all as unwatched Cancel

Congratulations

You have completed Joomla! 1.5: Developing Secure Sites.

Return to your organization's learning portal to continue training, or close this page.


OK
Become a member to add this course to a playlist

Join today and get unlimited access to the entire library of video courses—and create as many playlists as you like.

Get started

Already a member ?

Become a member to like this course.

Join today and get unlimited access to the entire library of video courses.

Get started

Already a member?

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

The classic layout automatically defaults to the latest Flash Player.

To choose a different player, hold the cursor over your name at the top right of any lynda.com page and choose Site preferences from the dropdown menu.

Continue to classic layout Stay on new layout
Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

Learn more, save more. Upgrade today!

Get our Annual Premium Membership at our best savings yet.

Upgrade to our Annual Premium Membership today and get even more value from your lynda.com subscription:

“In a way, I feel like you are rooting for me. Like you are really invested in my experience, and want me to get as much out of these courses as possible this is the best place to start on your journey to learning new material.”— Nadine H.

Thanks for signing up.

We’ll send you a confirmation email shortly.


Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from lynda.com.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

   
submit Lightbox submit clicked
Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.