Very short guide to phpMyAdmin: Difference between revisions
No edit summary |
No edit summary |
||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
phpMyAdmin is a web interface (written in PHP) to MySQL. You can use this PHP application to control your MySQL database. Installing phpMyAdmin is easy (provided you already have Apache, MySQL and PHP set up). However this article provides a few details about configuration of phpMyAdmin. | phpMyAdmin is a web interface (written in PHP) to MySQL. You can use this PHP application to control your MySQL database. Installing phpMyAdmin is easy (provided you already have Apache, MySQL and PHP set up). However this article provides a few details about configuration of phpMyAdmin. | ||
= Installation on Gentoo = | |||
* Don't follow the webapp instructions given by Gentoo. It's much easier to install it manually via the web interface - follow the standard instructions. | * Don't follow the webapp instructions given by Gentoo. It's much easier to install it manually via the web interface - follow the standard instructions. | ||
* '''UPDATE:''' installing as a Gentoo webapp is possible. | * '''UPDATE:''' installing as a Gentoo webapp is possible. | ||
= Authentication Method = | |||
I think the most important thing to understand while using phpMyAdmin is its authentication method. The default one, '''config''', can be potentially very dangerous. If you use this method, the MySQL user and password are stored on a PHP file on your server. Reading these from the PHP file seems hard, since accessing this file via the Apache server will be impossible as Apache will parse the file as PHP and will not let a anonymous user on the Web see the actual file contents. This is still a security risk, though. | I think the most important thing to understand while using phpMyAdmin is its authentication method. The default one, '''config''', can be potentially very dangerous. If you use this method, the MySQL user and password are stored on a PHP file on your server. Reading these from the PHP file seems hard, since accessing this file via the Apache server will be impossible as Apache will parse the file as PHP and will not let a anonymous user on the Web see the actual file contents. This is still a security risk, though. | ||
Line 12: | Line 12: | ||
But, more importantly, any user knowing the location of your phpMyAdmin directory, if for convenience you unpacked it in your main web browser directory, will be able to access your MySQL database without having to enter any password! This is really dangerous, so I think '''config''' authentication method should be avoided. Use '''http''' authentication method instead. | But, more importantly, any user knowing the location of your phpMyAdmin directory, if for convenience you unpacked it in your main web browser directory, will be able to access your MySQL database without having to enter any password! This is really dangerous, so I think '''config''' authentication method should be avoided. Use '''http''' authentication method instead. | ||
Enter this line into you phpMyAdmin configuration file, which is the file config.inc.php in the phpMyAdmin | Enter this line into you phpMyAdmin configuration file, which is the file config.inc.php in the phpMyAdmin directory. | ||
# $cfg['Servers'][$i]['auth_type'] = 'http'; | # $cfg['Servers'][$i]['auth_type'] = 'http'; | ||
= Account Management = | |||
As noted on the PHPMyAdmin documentation, PHPMyAdmin does no account management on its own. The only valid user accounts are thus the MySQL ones. When you log in, the username/login are just passed on to MySQL. | As noted on the PHPMyAdmin documentation, PHPMyAdmin does no account management on its own. The only valid user accounts are thus the MySQL ones. When you log in, the username/login are just passed on to MySQL. | ||
== | = Operations = | ||
== General == | |||
* Be careful, when copying an entire database, to also copy the constraints. By default phpMyAdmin leaves the checkbox unchecked. | |||
== Associations, foreign keys == | |||
* If using the InnoDB engine, you have a Relation View page, where you can change (and view) the foreign key constraints. Note that unfortunately, currently you can only view to which tables the table refers. You cannot see which tables refer to the current one. | * If using the InnoDB engine, you have a Relation View page, where you can change (and view) the foreign key constraints. Note that unfortunately, currently you can only view to which tables the table refers. You cannot see which tables refer to the current one. | ||
* You must first drop a foreign key constraint (DROP FOREIGN KEY, accessible via the GUI in the relation view) before droping the index or a column. | |||
= Limits and Bugs = | |||
* phpMyAdmin does not report correctly the default value of a SQL field. Note that by default in MySQL the default value seems to always be NULL anyway. |
Latest revision as of 11:36, 15 November 2010
phpMyAdmin is a web interface (written in PHP) to MySQL. You can use this PHP application to control your MySQL database. Installing phpMyAdmin is easy (provided you already have Apache, MySQL and PHP set up). However this article provides a few details about configuration of phpMyAdmin.
Installation on Gentoo
- Don't follow the webapp instructions given by Gentoo. It's much easier to install it manually via the web interface - follow the standard instructions.
- UPDATE: installing as a Gentoo webapp is possible.
Authentication Method
I think the most important thing to understand while using phpMyAdmin is its authentication method. The default one, config, can be potentially very dangerous. If you use this method, the MySQL user and password are stored on a PHP file on your server. Reading these from the PHP file seems hard, since accessing this file via the Apache server will be impossible as Apache will parse the file as PHP and will not let a anonymous user on the Web see the actual file contents. This is still a security risk, though.
But, more importantly, any user knowing the location of your phpMyAdmin directory, if for convenience you unpacked it in your main web browser directory, will be able to access your MySQL database without having to enter any password! This is really dangerous, so I think config authentication method should be avoided. Use http authentication method instead.
Enter this line into you phpMyAdmin configuration file, which is the file config.inc.php in the phpMyAdmin directory.
# $cfg['Servers'][$i]['auth_type'] = 'http';
Account Management
As noted on the PHPMyAdmin documentation, PHPMyAdmin does no account management on its own. The only valid user accounts are thus the MySQL ones. When you log in, the username/login are just passed on to MySQL.
Operations
General
- Be careful, when copying an entire database, to also copy the constraints. By default phpMyAdmin leaves the checkbox unchecked.
Associations, foreign keys
- If using the InnoDB engine, you have a Relation View page, where you can change (and view) the foreign key constraints. Note that unfortunately, currently you can only view to which tables the table refers. You cannot see which tables refer to the current one.
- You must first drop a foreign key constraint (DROP FOREIGN KEY, accessible via the GUI in the relation view) before droping the index or a column.
Limits and Bugs
- phpMyAdmin does not report correctly the default value of a SQL field. Note that by default in MySQL the default value seems to always be NULL anyway.