HPE Community
Operating System - Linux
1752277 Members
4580 Online
108786 Solutions
New Discussion

Re: configure phpMyAdmin

 
'chris'
Super Advisor

‎04-05-2006 12:23 PM

‎04-05-2006 12:23 PM

configure phpMyAdmin

hi

I have apache2 and phpmyadmin installed on debian sarge stable:


# dpkg -l | grep apache2
ii apache2 2.0.54-5 next generation, scalable, extendable web se
ii apache2-common 2.0.54-5 next generation, scalable, extendable web se
ii apache2-doc 2.0.54-5 documentation for apache2
ii apache2-mpm-pr 2.0.54-5 traditional model for Apache2
ii apache2-utils 2.0.54-5 utility programs for webservers
ii libapache2-mod 1.999.21-1 Integration of perl with the Apache2 web ser
ii libapache2-mod 4.3.10-16 server-side, HTML-embedded scripting languag
# dpkg -l | grep phpmyadmin
ii phpmyadmin 2.6.2-3sarge1 set of PHP-scripts to administrate MySQL ove
# dpkg -l | grep php4
ii php4 4.3.10-16 server-side, HTML-embedded scripting languag
ii php4-cli 4.3.10-16 command-line interpreter for the php4 script
ii php4-common 4.3.10-16 Common files for packages built from the php
ii php4-mysql 4.3.10-16 MySQL module for php4
ii php4-snmp 4.3.10-16 SNMP module for php4


I have 5 different domains and 5 different virual servers pointed to these domains.

every domain should has its own mysql database and needs the access via phpmyadmin.

in /usr/share/phpmyadmin/config.inc.php I have the following authentication:


$cfg['Servers'][$i]['auth_type'] = 'http'; // Authentication method (config, http or cookie based)?
$cfg['Servers'][$i]['user'] = ''; // MySQL user
$cfg['Servers'][$i]['password'] = ''; // MySQL password (only needed
// with 'config' auth_type)
$cfg['Servers'][$i]['only_db'] = ''; // If set to a db-name, only


I've added in /etc/apache2/sites-enabled/000-default the following entries:


# Provide an alias to phpmyadmin
Alias /phpmyadmin /usr/share/phpmyadmin

Order allow,deny
allow from all



now every user, even root can access via phpmyadmin
and it doesn't matter which domain or ip address
(I mean all domains pointed to my webserver) is in the browser.
howto prevent that ?
the user should access via phpmyadmin only using his own domain
in the browser.

my second problem is howto block mysql admin (root) user
on phpmyadmin for a security reason ?
0 Kudos
Reply
1 REPLY 1
Steven E. Protter
Exalted Contributor

‎04-05-2006 01:13 PM

‎04-05-2006 01:13 PM

Re: configure phpMyAdmin

Shalom Chris,

You need to generate a .htaccess database for the phpadmin with the .htpasswd command.

This will permit you to limit the users to their own files and not others.

root will still be able to access all via the command interface but not phpadmin.

To confirm the correct httpd.conf config:
http://www.mdz.dk/apacheUK.html

Reference links that are helpful:
http://www.tiffanybbrown.com/articles/viewarticle.php/66
http://codex.wordpress.org/Glossary

I don't know which link is best. My knowledge is minimal in this area, I just look at the net every time I have to do it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.