phpMyAdmin

phpMyAdmin is a web based UI to help browse and manage your MySQL databases.

Vulnerabilities

Be careful to keep this application updated, or disable it when your not using it.  It's has a history of serious vulnerabilities discovered lately, for example see our blog for some known issues. We have yet to find any other good alternative mysql web administration interface. Ideas are welcome to support@rimuhosting.com

Also a good basic security step is to enable apache basic authentication in front of it, which effectively blocks automated scanning attempts.

Another option is to configure it to be accessible via localhost only, and use an ssh tunnel to connect to phpMyAdmin so that it's not exposed to the public.

PhpMyAdmin uses credentials defined in mysql for its web logins, so make sure your mysql credentials are current and secure.

phpMyAdmin Install

On most recent Debian or Ubuntu installs you can install phpmyadmin by running apt-get install phpmyadmin.  Then add to /etc/apache2/apache2.conf this line:

Include /etc/phpmyadmin/apache.conf

Then you can access phpmyadmin at:
http://yourip/phpmyadmin/

We have a script here which will start or install the package, enable apache basic authentication, and check a few other settings.  On Centos distributions the script will enable EPEL for you and install phpMyAdmin from this repo.

wget "http://proj.ri.mu/installphpmyadmin.sh"

bash installphpmyadmin.sh

You should now be able to reach phpMyAdmin at

https://yourip/pma

or

http://yourip/pma

Common gotchas

* Remember to start mysql if it is not already.

Depreciated notes

• For a new install of the mysql service the mysql_secure_installation command bundled with mysql is a handy way to get safely setup (not relevant to recent distributions).
• phpmyadmin may report issues with the php suhosin plugin, particularly on older distributions. Try adding the $cfg['SuhosinDisableWarning'] = true; if everything seems to work regardless. We recommend leaving that php feature enabled otherwise.