About
The phpMyAdmin tool is an SQL database manager written in PHP. It resides in the web root on your server, making it easily accessed from a web browser.
There are a number of important security considerations when using software like phpMyAdmin, since it:
- Communicates directly with your MySQL installation.
- Handles authentication using MySQL credentials.
- Executes and returns results for arbitrary SQL queries.
The phpMyAdmin tool is available for a number of different operating systems. This article will focus solely on the Linux installation.
Manual Installation
While there are a number of ways to install phpMyAdmin, there is an easy quick install method. This involves downloading and extracting it directly to your web root directory. While you will need at least basic bash terminal knowledge, it is relatively trivial to set up. However, you will require sudo privileges or access to the web user account.
Following are the condensed steps for the quick install found in the phpMyAdmin documentation.
cd /www
sudo wget https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-english.tar.gz -O phpMyAdmin.tar.gz
sudo tar -xvf phpMyAdmin.tar.gz
sudo chown -R wp-user:wp-user phpMyAdmin-5.1.1-english/
sudo cp phpMyAdmin-5.1.1-english/config.sample.inc.php phpMyAdmin-5.1.1-english/config.inc.php
- Change directory to your web root.
- Download the tar file. You can choose from a number of options here. We rename it here with the -O flag.
- Unpack the tar; it will be placed in its own directory.
- Give ownership of the directory to the web user account.
- Create the configuration file by copying the sample configuration file.
Usage
When a user logs in to phpMyAdmin, the username and password are sent directly to the SQL database. phpMyAdmin is just an interface to the database, and any operation it performs can also be done on the command line. As such, all users must be valid database users.
Securing
You should use cookie mode authentication so that your user/password pair is not kept in the configuration file. The variable may be set in the config file as:
$cfg['Servers'][$i]['auth_type'] = 'cookie';
You will also need to add a 'blowfish secret' value to the config file.
$cfg['blowfish_secret'] = 'anyrandomtextyouwant';
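As an added example (not part of the original article or the phpMyAdmin project), the script below generates a secret and checks a config.inc.php for the two settings above. It assumes the 32-character length that phpMyAdmin's documentation recommends for blowfish_secret in this release series; the function names and the sample config files are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not phpMyAdmin project code: audit config.inc.php for the
# cookie-auth settings. All function names here are this example's own.

# 32 hex characters (128 bits) from the kernel CSPRNG; safe in a PHP '...' string.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the single-quoted value assigned to $cfg[...]['<key>']; skips commented lines.
cfg_value() {  # usage: cfg_value <file> <key>
    sed -n "s/^[[:space:]]*[\$]cfg.*\['$2'][[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | tail -n 1
}

# Return 0 only if auth_type is 'cookie' and blowfish_secret has at least 32 characters.
audit_pma_config() {  # usage: audit_pma_config <path to config.inc.php>
    rc=0
    auth=$(cfg_value "$1" auth_type)
    secret=$(cfg_value "$1" blowfish_secret)
    if [ "$auth" != "cookie" ]; then
        echo "FAIL: auth_type is '${auth:-unset}', expected 'cookie'"; rc=1
    fi
    if [ "${#secret}" -lt 32 ]; then
        echo "FAIL: blowfish_secret has ${#secret} characters, want at least 32"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: cookie auth, ${#secret}-character secret"; fi
    return "$rc"
}

# Constructed sample config for the demonstration; not a real server's file.
write_sample() {  # usage: write_sample <file> <secret>
    printf '%s\n' '<?php' "\$cfg['blowfish_secret'] = '$2';" '$i = 1;' \
        "\$cfg['Servers'][\$i]['auth_type'] = 'cookie';" > "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/weak.inc.php" 'anyrandomtextyouwant'   # the page's placeholder value
write_sample "$tmp/good.inc.php" "$(gen_secret)"
audit_pma_config "$tmp/weak.inc.php" || echo "weak config rejected"
audit_pma_config "$tmp/good.inc.php"
rm -rf "$tmp"
```

To audit a real installation, call audit_pma_config with the path to its config.inc.php.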
Deny access to the tmp, libraries, and templates subdirectories. Put the following in the server block of your nginx enabled sites file.
location /phpmyadmin/libraries { deny all; }
location /phpmyadmin/templates { deny all; }
location /phpmyadmin/tmp { deny all; }