Very short guide to phpMyAdmin: Difference between revisions

From Elvanör's Technical Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
phpMyAdmin is a web interface (written in PHP) to MySQL. You can use this PHP application to control your MySQL database. Installing phpMyAdmin is easy (provided you already have Apache, MySQL and PHP set up). However this article provides a few details about configuration of phpMyAdmin.
phpMyAdmin is a web interface (written in PHP) to MySQL. You can use this PHP application to control your MySQL database. Installing phpMyAdmin is easy (provided you already have Apache, MySQL and PHP set up). However this article provides a few details about configuration of phpMyAdmin.


== Authentication Method ==
== Authentication Method ==
Line 11: Line 10:


  # $cfg['Servers'][$i]['auth_type'] = 'http';
  # $cfg['Servers'][$i]['auth_type'] = 'http';
== Account Management ==
As noted on the PHPMyAdmin documentation, PHPMyAdmin does no account management on its own. The only valid user accounts are thus the MySQL ones. When you log in, the username/login are just passed on to MySQL.

Revision as of 09:09, 21 August 2007

phpMyAdmin is a web interface (written in PHP) to MySQL. You can use this PHP application to control your MySQL database. Installing phpMyAdmin is easy (provided you already have Apache, MySQL and PHP set up). However this article provides a few details about configuration of phpMyAdmin.

Authentication Method

I think the most important thing to understand while using phpMyAdmin is its authentication method. The default one, config, can be potentially very dangerous. If you use this method, the MySQL user and password are stored on a PHP file on your server. Reading these from the PHP file seems hard, since accessing this file via the Apache server will be impossible as Apache will parse the file as PHP and will not let a anonymous user on the Web see the actual file contents. This is still a security risk, though.

But, more importantly, any user knowing the location of your phpMyAdmin directory, if for convenience you unpacked it in your main web browser directory, will be able to access your MySQL database without having to enter any password! This is really dangerous, so I think config authentication method should be avoided. Use http authentication method instead.

Enter this line into you phpMyAdmin configuration file, which is the file config.inc.php in the phpMyAdmin dirctory.

# $cfg['Servers'][$i]['auth_type'] = 'http';

Account Management

As noted on the PHPMyAdmin documentation, PHPMyAdmin does no account management on its own. The only valid user accounts are thus the MySQL ones. When you log in, the username/login are just passed on to MySQL.