PhpMyAdmin installation and security settings in Linux

Source: Internet
Author: User
Tags mcrypt website server

Install myadmin and set security in the php tutorial in linux


Phpmyadmin is a set of programs managed on the server side through the browser interface. Therefore, it is very important to ensure the security of its directories. Otherwise, data may be stolen or even maliciously damaged. The following describes the general preventive measures in detail.

Phpmyadmin is a management tool for mysql tutorials.

Through this program, you can directly manage mysql from the web without running it on the system.

Installation steps:

1. Obtain the archive ftp://ohaha.ks.edu.tw/pub/source/php/phpmyadmin_2.0.5.tar.gzor

Ftp: // ohaha.ks.edu.tw/pub/source/php/c_phpmyadmin_2.0.5.tar.gz


The only difference is that the latter does not need to be optimized in Chinese.

The so-called Chinese optimization is because the translator of this program may be from the Chinese mainland.

You can ignore it if you think it is okay.

2. We should first use the former and then add the Chinese optimization.

3. decompress the file to the root directory of the web server.

It means that the place where you place the web page

Ex:/usr/local/apache/htdocs/(this is where my webpage is stored)

A. # mv phpmyadmin_2.0.5.tar.gz/usr/local/apache/htdocs/move to the root directory of the file

B. # tar zxvf phpmyadmin_2.0.5.tar.gz decompress phpmyadmin_2.0.5.tar.gz

C. Path/usr/local/apache/htdocs/phpmyadmin

D. modify the configuration file.

# Vi config. inc. php3

Find the following section

$ Login servers [1] ['host'] = 'localhost'; // mysql hostname

$ Define servers [1] ['Port'] = ''; // mysql port blank indicates default 3306

$ Incluservers [1] ['adv _ auth'] = true; // whether advanced functions are used

$ Login servers [1] ['stduser'] = 'root'; // mysql Administrator

$ Login servers [1] ['stdpass'] = '000000'; // password of the mysql Administrator

// I use root as the Administrator, and the password is 123456. You can use your favorite password.

 

The following describes how to install and configure phpmyadmin on linux.

1. Modify the phpmyadmin Directory Name:

Before you change the directory name, others can easily gain insight into the directory name, causing security risks. For example, if the domain name of a linux host is www.test.com, enter www.test.com/phpmyadmin/ in the address bar without modifying the directory name. Therefore, if you change the phpmyadmin directory to a directory that is not easy to know, such as mynameadmin, you only need to enter www.test.com/mynameadmin/ in the browser to manage the database when managing your own database tutorial. (Note: The phpmyadmin directory name will still be used below. If the directory name has been changed, you only need to rename phpmyadmin to the new directory name .)

2. Add User authentication to the phpmyadmin directory:

This is a common method used by many websites for user authentication. When users enter this directory for the first time, a prompt window appears prompting users to enter their usernames and passwords for verification, it is implemented by using the standard mod_auth module of apache server. The procedure is as follows:

1. Edit the apache server configuration file in vi to ensure that the following two sentences are not annotated. If the two sentences have the "#" symbol before them, remove the "#" symbol.

Documentroot/data/web/apache/public/htdocs
Accessfilename. htaccess
Alloerride all


2. The passwd program creates a user file:

Htpasswd-c/data/web/apache/secrects/. htpasswd 88998


Among them,-c indicates that the option tells htpasswd that you want to generate a new user file,/data/web/apache/secrects/is what you want to store. directory of the htpasswd file. The file name is. htpasswd, 88998 is the user name used for verification. After you press the command above, the system prompts you to enter the password. This password is the password required for verification. the htpasswd file is encrypted. Now you can use more to view the/data/web/apache/secrects/. htpasswd file. One user name and one encrypted password are displayed.

3. Create a. htaccess file:

Use the text editor to create the. htaccess file in the phpmyadmin directory (if it has been renamed, it is the new directory name). Add the following statement to the file:

Authname "User Authentication"
Authtype basic
Authuserfile/data/web/apache/public/htdocs/phpmyadmin/. htpasswd
Request user 88998


After saving the operation, go to the phpmyadmin directory and prompt the verification window. Enter the username and password you just created using the htpasswd command to enter the directory.

3. Add Host-Based Access Control:

After modifying the directory name and adding the access authentication mechanism, it should be said that phpmyadmin is safe now, but because the phpmyadmin directory is generally used only by the database administrator, to prevent others from knowing the directory name and verification password, you can also add the following Host-Based Access Control. Host-Based Access is achieved by verifying the ip address of the user's machine, that is, only the qualified ip address can be used to ask the directory. Otherwise, access is denied.

Modify the. htaccess file as follows:

Authname "User Authentication"
Authtype basic
Authuserfile/data/web/apache/public/htdocs/phpmyadmin/. htpasswd
Request user 88998
Order deny, allow
Deny from all
Allow from 202.100.222.80


Three Host-Based Access Control commands are added. The value of the first order command is a list separated by a comma. This list indicates which command has a higher priority, the second command deny defines the host that cannot access the directory, and the third command allow defines the host that can access the directory. In this way, the directory can be accessed by machines whose IP address is 202.100.222.80, none of them can be accessed. You can set this address as the ip address of the user database administrator.


Summary and Solutions of phpmyadmin installation in linux

1. Download phpmyadmin, copy it to/var/www/html, decompress it, and start using it.

Http: // ip/phpmyadmin Test

Cp config. sample. inc. php config/config. inc. php

Chmod o + w config/config. inc. php

2. Problem 1: phpmyadmin cannot load mysql extensions,


The solution is as follows:

Yum-y install php-mysql

Yum install mysqli

Run the http://www.linuxidc.com/phpmyadmin/scripts/setup.php

You can access the phpmyadmin logon interface. Www.zhutiai.com

3. Problem 2: The phpmyadmin configuration file now requires a top secret phrase password (blowfish_secret)

Modify config/config. inc. php

'Blowfish _ secret' uses any string as the cookie's encrypted string. If there is no encryption key, the system will display "the configuration file needs a top secret phrase password (blowfish_secret )"

$ Cfg ['blowfish _ secret'] = 'custom'; // custom

4. Problem 3: The mcrypt extension cannot be loaded.

Solution:

Yum install libmcrypt

Yum install php-mcrypt

Summary: in solving these problems, the materials on the network are for windows systems, and few are for linux systems. The author has solved these problems by testing the only materials, but no application test is available. Next, prepare for the test.

Remember to restart apache after each modification:

Service httpd restart


==================================


Now we only want to compile the mod_rewrite.so module and load it in apache. Next we will introduce this method.

Take the fedora operating system as an example:

1) install apache for the first time and add the -- enable-rewrite option during compilation.

For example. /Configure -- prefix =/usr/local/apachel -- enable-so -- enable-mod-shared = all -- enable-rewrite -- enable-cache

2) added the mod_rewrite module.

# Find.-name mod_rewrite.c // find the mod_rewrite.c file in the apache source code installation directory

# Cd path/to/mod_rewrite.c // enter the directory containing the mod_rewrite.c File

#/Usr/local/apache/bin/apxs-c mod_rewrite.c // apxs should specify the absolute path, in the bin directory where you are currently using apache

#/Usr/local/apache/bin/apxs-I-a-n mod_rewrite mod_rewrite.la

If there are no errors, compile a mod_rewrite.so file in your apache modules directory.

Edit the httpd. conf file and confirm that the httpd. conf file contains the loading statement mod_rewrite.so, as shown below:

Loadmodule rewrite_module modules/mod_rewrite.so

At this time, your apache should have supported rewrite.

Vicos Note: Remember to restart apache


More detailed installation tutorial

The mod_rewrite module provides a rule-based (using regular expression analyzer) engine for real-time redirection to url requests. Each rule can have an unlimited number of rules and flexible and powerful url operation mechanism with additional condition rules. This url operation can depend on various tests, such as server variables, environment variables, http headers, time tags, and even search databases that match url components.

The mod_rewrite module can operate all parts of the url (including the path information) at the server level (httpd. conf) and directory-level (. and generate the final request string. The result of this rewrite operation can be internal sub-processing, external request redirection, or even internal proxy processing.

However, all these features and flexibility bring about a problem, that is, complexity. Therefore, do not expect to understand the entire module in one day.


Internal Processing
The internal processing of the mod_rewrite module is extremely complicated. However, in order to prevent common users from making low-level errors and allow the Administrator to make full use of its functions, I would like to explain it here.

Api segment
First, you must understand that apache processes http requests through several program segments. Apache api provides a hook program for each program segment. Mod_rewrite uses two hook programs: one is the translation hook from the url to the file name, which is used to read the http request before the authorization starts; the other is to modify the hook, used in the authorization program segment and read directory-level configuration files (. before the content processor is activated.

Therefore, after apache receives a request and determines the response host (or virtual host), the rewrite engine executes the url to the file name program segment to process all the mod_rewrite commands in server-level configuration. After the final data directory is determined, enter the correction program segment and trigger the mod_rewrite command in directory-level configuration. These two segments are not distinct, but they both implement rewriting the url into a new url or file name. Although the api was not originally designed for this purpose, it has become a use of the api. In apache 1.x, this is the only Implementation Method of mod_rewrite. Remember the following two points for better understanding:

Although mod_rewrite can rewrite a url as a url, a url as a file name, or even a file name as a file name, the api currently only provides a hook from a url to a file name. In apache 2.0, two missing hooks are added to make the processing clearer. However, this does not cause any trouble to users. You only need to remember the fact that apache uses the url-to-file hook to provide more powerful functions than the target functions of api design.
It is incredible that mod_rewrite provides directory-level url operations, that is,. htaccess files, which must be processed after the url is converted to a file name. This is also necessary because the. htaccess file exists in the file system, so processing has reached this level. In other words, it is too late to process any url operations based on the api segment. To solve the problem of chicken and eggs, mod_rewrite uses a trick: When performing a directory-level url/file name operation, mod_rewrite first overwrites the file name back to the corresponding url (this operation is usually not feasible, but you can see how it is implemented by referring to the rewritebase command below). Then, create a new internal sub-request for the new url to re-execute the api program segment.
In addition, mod_rewrite tries its best to make these complex operations fully transparent to users, but it must be remembered that server-level url operations are fast and efficient, directory-level operations are slow and inefficient due to the problem of chicken and eggs. On the other hand, this is the only method that mod_rewrite can provide (partially restricted) url operations for general users.

Remember these two points!

Processing of Rule Sets
When mod_rewrite starts to be executed in these two program segments, it reads the configuration in the configuration structure (or the server level created during service startup, or the apache core traverses the directory-level rule set collected by the Directory, and then starts the url rewriting engine to process the Rule Set with one or more conditions. Both server-level and directory-level rule sets are processed by the same url rewriting engine, but the processing results are different.

The order of rules in a rule set is very important, because the rewrite engine processes the rules in a special (unconventional) order. The principle is to traverse each rule one by one (rewriterule directives ), if a rule that matches the condition appears, you may traverse the existing rule conditions (rewriteconddirectives ). Due to historical reasons, the condition rules are prefixed, so the control process is somewhat lengthy. For details, see figure 1.


Figure 1: the control flow through the rewriting ruleset

It can be seen that the url matches the pattern of each rule first. If the matching fails, mod_rewrite immediately terminates the processing of the rule and then processes the next rule. If the match is successful, mod_rewrite searches for the response rule condition. If none of the conditions exist, replace the url with the new value constructed by substitution, and then continue to process other rules. If conditions exist, an internal cycle is processed one by one in the order listed. The processing of the condition for the rule is different: the url does not match pattern. Instead, a teststring string is created by extending the variable, reverse referencing, and searching the ing table, use it to match condpattern. If the match fails, the entire condition set and the corresponding rule fail. If the match succeeds, the next rule is executed until all the conditions are executed successfully. If all conditions match, replace the url with substitution and continue processing.

Special Character reference
Special characters in the apache 1.3.20, teststring and substitution strings can be escaped using a forward slash (that is, special characters are considered as common characters without special meanings ). For example, substitution can use '$' to include a dollar sign, so that mod_rewrite does not regard it as a reverse reference.

Reverse reference capability of Regular Expressions
This is very important: Once parentheses are used in pattern or condpattern, an Internal Reverse reference is established. You can use $ n and % n to call them (see below, both substitution and teststring are valid. Figure 2 illustrates the reverse reference location of the converted extension.


Figure 2: the back-reference flow through a rule.

Although the internal processing process of mod_rewrite is messy, understanding this can help you read the instructions described below.


Environment Variable
The mod_rewrite module tracks two additional (non-standard) cgi/ssi environment variables, script_url and script_uri. They contain the Logical Network Status of the current resource, while the Standard cgi/ssi variables script_name and script_filename contain the physical system status.

Note: These variables hold the uri/url when they are initially requested, that is, before any rewrite operation. It is important that they are the original basis for rewriting URLs to physical path names.

Example
Script_name =/sw/lib/w3s/tree/global/u/rse/. www/index.html
Script_filename =/u/rse/. www/index.html
Script_url =/u/rse/
Script_uri = http://en1.engelschall.com/u/rse/


Practical Solution
We also provide another url rewriting guide, which lists many practical solutions for url-based problems. You can find more useful rule sets and mod_rewrite information.


Rewritebase command

The rewritebase command explicitly sets the baseline url for directory-level rewriting. In the following section, you can see that rewriterule can be used in directory-level configuration files (. htaccess), and takes effect in a local range. That is, the rule actually processes only part of the local path prefix. After processing, the path will be automatically attached back. The default value is rewritebase physical-directory-path.

When a new url is replaced, the mod_rewrite module must inject the url into the server again. Therefore, it must know the corresponding url prefix or url benchmark. Generally, this prefix is the corresponding file path. However, most website URLs do not directly correspond to their physical file paths, so this assumption is generally not acceptable! In this case, you must use the rewritebase command to specify the correct url prefix.

If your website server url does not directly correspond to the physical file path, but you need to use the rewriterule command, you must specify rewritebase in each corresponding. htaccess file.
For example, the contents of the directory-level configuration file are as follows:

#
#/Abc/def/. htaccess -- per-dir config file for directory/abc/def
# Remember:/abc/def is the physical path of/xyz, I. e., the server
# Has a 'Alias/xyz/abc/def 'ctictive e.g.
#

Rewriteengine on

# Let the server know that we were reached via/xyz and not
# Via the physical path prefix/abc/def
Rewritebase/xyz

# Now the rewriting rules
Rewriterule maid $ newstuff.html

In the preceding example, the/xyz/oldstuff.html request is correctly rewritten as a physical file/abc/def/newstuff.html.

For apache hackers
Detailed steps for internal processing are listed below:

Request:
/Xyz/oldstuff.html

Internal processing:
/Xyz/oldstuff.html->/abc/def/oldstuff.html (per-server alias)
/Abc/def/oldstuff.html->/abc/def/newstuff.html (per-dir rewriterule)
/Abc/def/newstuff.html->/xyz/newstuff.html (per-dir rewritebase)
/Xyz/newstuff.html->/abc/def/newstuff.html (per-server alias)

Result:
/Abc/def/newstuff.html

Although this process seems complicated, it is too late to re-inject this (rewrite) request into the apache core because of the arrival time of directory-level rewriting, therefore, apache does. However, the overhead is not as big as it looks, because re-injection is performed completely within the apache server, and such a process is also used by many other operations in apache. Therefore, you can fully trust that the design and implementation are correct.


Rewritecond command

The rewritecond command defines a condition for a rule, that is, there is one or more rewritecond commands before a rewriterule command. The rewrite rule after the condition takes effect only when the current uri matches pattern and meets these conditions.

Teststring is a plain text string, but it can contain the following extensible components:

Rewriterule reverse reference: the reference method is
$ N

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.