Coral: general access phpmyadmin

From The Uniform Server Wiki
Revision as of 13:33, 12 November 2011 by Ric (talk | contribs) (Created page with "<div id="top" style="margin:0;padding: 0px 0px 0px 5px; color: #000; background-color: #FFFFEB; border: 1px solid darkslateblue;"><span id="top" style="margin:0;padding: 0px;font...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

General - phpMyAdmin Access

phpMyAdmin is integrated into The Uniform Server's structure. It is used to administer the MySQL server locally using a browser, or (optionally) over the Internet. It performs various tasks such as creating, modifying or deleting databases, tables, fields or rows; executing SQL statements; or managing database users and permissions. To run phpMyAdmin, simply click the phpMyAdmin button.

Because of the powerful capabilities, phpMyAdmin must be properly secured before allowing external access. The Uniform Server attempts to do this as transparently as possible. By default, access is restricted to localhost only, while Intranet and Internet access is provided by menu options explained below.

UniServer 8-Coral
  Home
  Quick Start
» General
  Apache
  MySQL
  PHP
  MSMTP
  CRON
  DtDNS
  Db Backup
  Perl
  Main Index

Features

  • Local access - Requires no name/password. These are provided transparently (as user root)
  • Intranet + password - Requires name and password as defined for restricted MySQL user (all users)
  • Internet + password + ssl - Requires name and password as defined for restricted MySQL user (all users). All transactions performed over a secure encrypted connection
  • Disable Internet selection if server certificate is not generated.
  • Automatically tracks SSL port used. User may change main server configuration.
  • Automatically tracks server name. User may change main server configuration.

Top

Root phpMyAdmin - Change access type

UniController: Server Configuration > General > Root phpMyAdmin - Change access type

  • A) Local access is the default and prevents both Intranet and Internet users access to phpMyAdmin. Only localhost may connect. It allows the root MySQL administrator direct access without the need to enter a name or password. For security reasons you must change the default MySQL password. This prevents accidental cross-site scripting.
  • B) Intranet + passwords. Anyone on your Intranet is allowed access to phpMyAdmin, however to gain access to the MySQL server requires a name and password. A user name and password are stored on the MySQL server for each restricted user created. A restricted user is one that is assigned access only to specific databases, and also has limited privileges for them.
  • C) Internet + passwords +ssl This is similar to Intranet, except that all transactions are performed over a secure encrypted connection using ssl. If you have not installed or created a server certificate, clicking this radio button will produce a warning and the access selection will not change. This security feature forces you to use ssl and prevents sending names and passwords over the Internet in plain text.
  • D) phpMyAdmin root folder is protected by an .htaccess file. This menu button opens this file in the default text editor allowing you to view or edit the file.
  • E) phpMyAdmin is configured using the user configuration file config.inc.php. This menu button opens this file in the default text editor allowing you to view or edit the file.
  • F) This menu button opens phpMyAdmin in the default browser. A greyed out button indicates that Apache is not running and its function are unavailable.

Top

Background information

Two files govern phpMyAdmin access and ultimately MySQL server access:
UniServer\home\phpMyAdmin\.htaccess - Apache configuration
UniServer\home\phpMyAdmin\config.inc.php - phpMyAdmin user configuration


You can modify the above files to suite your own requirements, but be sure you read the following:

File .htaccess

When selecting a particular access type, certain directives are overwritten as follows:

Local access

  • Access is restricted to locahost (127.0.0.1) IPv4
  • Access is restricted to locahost (::1) IPv6
  • Force SSL disabled (# disables lines)
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1

#RewriteCond %{SERVER_PORT} !=443
#RewriteRule ^ https://localhost:443%{REQUEST_URI} [NS,R,L]

Intranet + passwords

  • Access is restricted to locahost (127.0.0.1) and Intranet (192.168) IPv4
  • Access is restricted to locahost (::1) IPv6
  • Force SSL disabled (# disables lines)
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 192.168
Allow from ::1

#RewriteCond %{SERVER_PORT} !=443
#RewriteRule ^ https://localhost:443%{REQUEST_URI} [NS,R,L]

Intranet + passwords +ssl

  • Access restriction removed (# disables lines) allows everyone access
  • Force SSL enabled (removed # enables lines)
#Order Deny,Allow
#Deny from all
#Allow from 127.0.0.1
#Allow from ::1

RewriteCond %{SERVER_PORT} !=443
RewriteRule ^ https://localhost:443%{REQUEST_URI} [NS,R,L]

File config.inc.php

When selecting a particular access type, certain directives are overwritten as follows:

Local access

Automatically use root user password, allowing transparent access.

/* Authentication section */
$cfg['Servers'][$i]['auth_type']       = 'config';  // Authentication method (config, http or cookie based)?
$cfg['Servers'][$i]['user']            = 'root';    // MySQL user
$cfg['Servers'][$i]['password']        = $password; // MySQL password (only needed with 'config' auth_type)
$cfg['Servers'][$i]['AllowNoPassword'] = false;     // Must use password

Intranet + passwords and
Internet + passwords +ssl
Force all users to enter a name and password.

/* Authentication section */
$cfg['Servers'][$i]['auth_type']       = 'cookie';  // Authentication method (config, http or cookie based)?
$cfg['Servers'][$i]['user']            = '';        // MySQL user
$cfg['Servers'][$i]['password']        = '';        // MySQL password (only needed with 'config' auth_type)
$cfg['Servers'][$i]['AllowNoPassword'] = false;     // Must use password

Top