Very short guide to phpMyAdmin: Difference between revisions

From Elvanör's Technical Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 12: Line 12:
But, more importantly, any user knowing the location of your phpMyAdmin directory, if for convenience you unpacked it in your main web browser directory, will be able to access your MySQL database without having to enter any password! This is really dangerous, so I think '''config''' authentication method should be avoided. Use '''http''' authentication method instead.  
But, more importantly, any user knowing the location of your phpMyAdmin directory, if for convenience you unpacked it in your main web browser directory, will be able to access your MySQL database without having to enter any password! This is really dangerous, so I think '''config''' authentication method should be avoided. Use '''http''' authentication method instead.  


Enter this line into you phpMyAdmin configuration file, which is the file config.inc.php in the phpMyAdmin dirctory.
Enter this line into you phpMyAdmin configuration file, which is the file config.inc.php in the phpMyAdmin directory.


  # $cfg['Servers'][$i]['auth_type'] = 'http';
  # $cfg['Servers'][$i]['auth_type'] = 'http';
Line 26: Line 26:
= Operations =
= Operations =


* Be careful, when copying an entire databse, to also copy the constraints. By default phpMyAdmin leaves the checkbox unchecked.
* Be careful, when copying an entire database, to also copy the constraints. By default phpMyAdmin leaves the checkbox unchecked.
 
= Limits and Bugs =
 
* phpMyAdmin does not report correctly the default value of a SQL field. Note that by default in MySQL the default value seems to always be NULL anyway.

Revision as of 18:23, 7 January 2010

phpMyAdmin is a web interface (written in PHP) to MySQL. You can use this PHP application to control your MySQL database. Installing phpMyAdmin is easy (provided you already have Apache, MySQL and PHP set up). However this article provides a few details about configuration of phpMyAdmin.

Installation on Gentoo

  • Don't follow the webapp instructions given by Gentoo. It's much easier to install it manually via the web interface - follow the standard instructions.
  • UPDATE: installing as a Gentoo webapp is possible.

Authentication Method

I think the most important thing to understand while using phpMyAdmin is its authentication method. The default one, config, can be potentially very dangerous. If you use this method, the MySQL user and password are stored on a PHP file on your server. Reading these from the PHP file seems hard, since accessing this file via the Apache server will be impossible as Apache will parse the file as PHP and will not let a anonymous user on the Web see the actual file contents. This is still a security risk, though.

But, more importantly, any user knowing the location of your phpMyAdmin directory, if for convenience you unpacked it in your main web browser directory, will be able to access your MySQL database without having to enter any password! This is really dangerous, so I think config authentication method should be avoided. Use http authentication method instead.

Enter this line into you phpMyAdmin configuration file, which is the file config.inc.php in the phpMyAdmin directory.

# $cfg['Servers'][$i]['auth_type'] = 'http';

Account Management

As noted on the PHPMyAdmin documentation, PHPMyAdmin does no account management on its own. The only valid user accounts are thus the MySQL ones. When you log in, the username/login are just passed on to MySQL.

Relation View

  • If using the InnoDB engine, you have a Relation View page, where you can change (and view) the foreign key constraints. Note that unfortunately, currently you can only view to which tables the table refers. You cannot see which tables refer to the current one.

Operations

  • Be careful, when copying an entire database, to also copy the constraints. By default phpMyAdmin leaves the checkbox unchecked.

Limits and Bugs

  • phpMyAdmin does not report correctly the default value of a SQL field. Note that by default in MySQL the default value seems to always be NULL anyway.