Very short guide to phpMyAdmin

From Elvanör's Technical Wiki
Revision as of 17:49, 21 September 2006 by Elvanor (talk | contribs)
Jump to navigation Jump to search

phpMyAdmin is a web interface (written in PHP) to MySQL. You can use this PHP application to control your MySQL database. Installing phpMyAdmin is easy (provided you already have Apache, MySQL and PHP set up). However this article provides a few details about configuration of phpMyAdmin.


Authentication Method

I think the most important thing to understand while using phpMyAdmin is its authentication method. The default one, config, can be potentially very dangerous. If you use this method, the MySQL user and password are stored on a PHP file on your server. Reading these from the PHP file seems hard, since accessing this file via the Apache server will be impossible as Apache will parse the file as PHP and will not let a anonymous user on the Web see the actual file contents. This is still a security risk, though.

But, more importantly, any user knowing the location of your phpMyAdmin directory, if for convenience you unpacked it in your main web browser directory, will be able to access your MySQL database without having to enter any password! This is really dangerous, so I think config authentication method should be avoided. Use http authentication method instead.

Enter this line into you phpMyAdmin configuration file, which is the file config.inc.php in the phpMyAdmin dirctory.

# $cfg['Servers'][$i]['auth_type'] = 'http';