1 configure DNS
VI/var/named/yesgo. Loc
# Append the following line. Of course, you can customize other aliases or host names.
MySQL in cname ns. yesgo. loc.
/Etc/rc. d/init. d/named restart // restart the DNS Service
NSLookup // test whether the resolution is successful
2. Create an FTP
# When installing MySQL, we have created an account called mysql. If you have not created an account, follow the following statement to create one:
Useradd mysq-S/dev/null-G ftpchroot
Passwd MySQL
3. Install phpMyAdmin
Tar xvzf/home/src/phpmy *
CP/home/src/PHPmyAdmin/*/home/MySQL
Chown-r MySQL/home/MySQL
Chown-r MySQL/home/MySQL /*
Chmod 701/home/MySQL
Chmod 701/home/MySQL /*
4. Add a VM
VI/usr/local/Apache/CONF/httpd. conf
<Virtualhost mysql. yesgo. Loc>
Serveradmin webmaster@yesgo.loc
DocumentRoot/home/MySQL
Servername mysql. yesgo. Loc
Errorlog logs/MySQL. yesgo. loc-error_log
Customlog logs/MySQL. yesgo. loc-access_log common
</Virtualhost>
5. Add Authentication
# Add a MySQL user
# To use the authentication function, phpMyAdmin requires a startup user who has the query permission on the MySQL related tables. The specific definitions are as follows:
Shell> mysql-P
Mysql> grant usage on MySQL. * to '<stduser>' @ 'localhost' identified by '<stdpass> ';
Mysql> grant select (host, user, select_priv, primary, update_priv, delete_priv, create_priv, drop_priv, primary, file_priv, grant_priv, primary, index_priv, alter_priv) on MySQL. user to '<stduser>' @ 'localhost ';
Mysql> grant select on MySQL. dB to '<stduser>' @ 'localhost ';
Mysql> grant select (host, DB, user, table_name, table_priv, column_priv) on MySQL. tables_priv to '<stduser>' @ 'localhost ';
# Modify the configuration file
Security Management of phpMyAdmin program directory in Linux
Developing web programs in Linux is a popular Development Method: Using PHP to develop web programs, using Apache as the Web server, and using MySQL as the background management database. This combination makes developing web programs simple, secure, and efficient. Because the program runs in Linux, the graphic interface management tool in Windows is less than the copyright fee, so it is a little difficult to use. Now we have a set of programs written by PHP developers to manage databases in Linux. phpMyAdmin can solve ease-of-use problems. PhpMyAdmin is effective for managing databases in Linux. You can use a web browser to create and delete databases, add, delete, and modify table structures and table data, and submit query statements in the form, return data results. Therefore, many Linux servers use phpMyAdmin to manage databases.
PhpMyAdmin is a set of programs managed on the server side through the browser interface. Therefore, it is very important to ensure the security of its directories. Otherwise, data may be stolen or even maliciously damaged. The following describes the general preventive measures in detail.
1. Modify the phpMyAdmin Directory Name:
Before you change the directory name, others can easily gain insight into the directory name, causing security risks. For example, if the domain name of a Linux host is www.test.com, enter www.test.com/phpmyadmin/ in the address bar without modifying the directory name. Therefore, if you change the phpMyAdmin directory to a directory that is not easy to know, such as mynameadmin, you only need to enter www.test.com/mynameadmin/ in the browser to manage your database. (Note: The phpMyAdmin directory name will still be used below. If the directory name has been changed, you only need to rename phpMyAdmin to the new directory name .)
2. Add User authentication to the phpMyAdmin directory:
This is a common method used by many websites for user authentication. When users enter this directory for the first time, a prompt window appears prompting users to enter their usernames and passwords for verification, it is implemented by using the standard mod_auth module of Apache server. The procedure is as follows:
1. Edit the Apache server configuration file in VI to ensure that the following two sentences are not annotated. If the two sentences have the "#" symbol before them, remove the "#" symbol.
DocumentRoot/data/web/Apache/public/htdocs
Accessfilename. htaccess
Alloerride all
2. The passwd program creates a user file:
Htpasswd-C/data/web/Apache/secrects/. htpasswd 88998
Among them,-C indicates that the option tells htpasswd that you want to generate a new user file,/data/web/Apache/secrects/is what you want to store. directory of the htpasswd file. The file name is. htpasswd, 88998 is the user name used for verification. After you press the command above, the system prompts you to enter the password. This password is the password required for verification. the htpasswd file is encrypted. Now you can use more to view the/data/web/Apache/secrects/. htpasswd file. One user name and one encrypted password are displayed.
3. Create a. htaccess file:
Use the text editor to create the. htaccess file in the phpMyAdmin directory (if it has been renamed, it is the new directory name). Add the following statement to the file:
Authname "User Authentication"
Authtype basic
Authuserfile/data/web/Apache/public/htdocs/PHPmyAdmin/. htpasswd
Request user 88998
After saving the operation, go to the phpMyAdmin directory and prompt the verification window. Enter the username and password you just created using the htpasswd command to enter the directory.
3. Add Host-Based Access Control:
After modifying the directory name and adding the access authentication mechanism, it should be said that phpMyAdmin is safe now, but because the phpMyAdmin directory is generally used only by the database administrator, to prevent others from knowing the directory name and verification password, you can also add the following Host-Based Access Control. Host-Based Access is achieved by verifying the IP address of the user's machine, that is, only the qualified IP address can be used to ask the directory. Otherwise, access is denied.
Modify the. htaccess file as follows:
Authname "User Authentication"
Authtype basic
Authuserfile/data/web/Apache/public/htdocs/PHPmyAdmin/. htpasswd
Request user 88998
Order deny, allow
Deny from all
Allow from 202.100.222.80
Three Host-Based Access Control commands are added. The value of the first order command is a list separated by a comma. This list indicates which command has a higher priority, the second command deny defines the host that cannot access the directory, and the third command allow defines the host that can access the directory. In this way, the directory can be accessed by machines whose IP address is 202.100.222.80, none of them can be accessed. You can set this address as the IP address of the user database administrator.
Conclusion: The above three points can be used together to ensure the security of the phpMyAdmin directory. It is difficult for non-database administrators to read data through the phpMyAdmin program. The description here is for the phpMyAdmin directory. If you want to add access restrictions to other directories, you can follow this method.
PhpMyAdmin 2.x. X-document (installation and configuration)
Preface
PhpMyAdmin can manage the entire MySQL Server (requires a Super User) or a single database. To implement the latter, You need to properly set the MySQL user, which can only read/write the permitted databases. Wait until you have read the related sections in the MySQL manual.
Quick installation
Remove the phpMyAdmin package to a directory.
Open config. inc. php3, modify $ pipeline servers [1] ["host"] according to your environment, $ incluservers [1] ["user"] and $ incluservers [1] ["password"] values. You can see all the configurable variables listed in the configuration section under "allow" and modify other parameters as needed.
We recommend that you protect the directory after installing phpMyAdmin (unless on an enterprise intranet ). For example, you can use a HTTP-AUTH (with A. htaccess file ).
Open the file in the browser: Install the host domain name/installation directory/index. php3. PhpMyAdmin should display a welcome screen and your database.
PhpMyAdmin supports multiple languages. If you want to change to the Chinese version, modify require ("English. Inc. php3") in config. Inc. php3 to require ("chinese_gb.inc.php3 "). In this way, the interface is Chinese. Great!
Save config. Inc. php3.
Installation notes
Make sure that the phpMyAdmin directory is protected. No protection is provided by default! It should not be read by anyone, especially the search engine.
Although I add a "nofollow" command to each page, some search engines may not consider continuing to access the page links.
Imagine how AltaVista accessed a link named "Drop dtabase. You can use http://www.apacheweek.com/features/userauthto fully understand the authentication certificate of apache. Another tutorial in http://deepthought.texsci.edu/protected_dirs.html
Php3 should be configured as magic_quotes = on.
Configuration
All configurable data is stored in config. Inc. php3.
$ Worker servers Array
PhpMyAdmin supports managing multiple mysql-servers from version 1.4.2. Therefore, the $ login servers array is added to store login information of different servers. $ Incluservers [1] ["host"] contains the Host Name of the first server, $ incluservers [2] ["host"] is the host of the second server, and so on. If you only have one server to manage, you can simply ignore the Host Name of the other $ login servers entry.
$ Incluservers [N] ["Port"] string
The Port Number of the nth MySQL server. The default value is 3300 (the null value is retained ).
$ Incluservers [N] ["host"] string
The Host Name of the nth MySQL server. For example, localhost.
$ Incluservers [N] ["adv_auth"] Boolean Value
The basic or advanced authentication method should be used for this server. The basic authentication method ($ adv_auth = false) is a common practice:
The user name and password are stored in config. Inc. php3. Advanced authentication ($ adv_auth = true) is introduced from version 1.3.0, allowing you to log on as a legal MySQL user through http-auth. In config. in Inc, you only need to provide a standard user who can connect to MySQL and read the user/DB table of the MySQL database (see $ login servers [N] ["stduser"]).
We recommend that you use advanced management:
When phpMyAdmin is running in a multi-user environment and people have shell processing permissions, you do not want to know the MySQL user name/password.
When you want users to access their own databases and do not want them to interfere with others.
Advanced authentication is secure because standard users only need read-only permissions on the MySQL database. The MySQL password cannot be easily cracked, so a common user has no chance to see the plaintext password of other users.
$ Incluservers [N] ["user"] string
$ Login servers [N] ["password"] string
When the basic authentication method is used, phpMyAdmin uses the user name/password to connect to the MySQL server. This is not required when advanced authentication is used.
$ Incluservers [N] ["stduser"] string
$ Incluservers [N] ["stdpass"] string
When advanced authentication is used, the user name/password pair is used to verify the real user name/password pair. This user must be able to connect to MySQL and read the user table of the MySQL database. This parameter is not required when basic authentication is used.
$ Incluservers [N] ["only_db"] string
If a database name is set, only this database is displayed to the user.
$ Incluservers [N] ["verbose"] string
PhpMyAdmin is only useful for multiple server portals. If this parameter is set, the string is displayed to replace the host name in the context menu on the home page. For example, if you want to display only some databases in the system, this may be useful.
$ Cfgmanualbase string
If it is set to a URL (which points to the MySQL document), a corresponding help link is created.
$ Define persistentconnections Boolean Value
Whether to use persistent connection (mysql_connect or mysql_pconnect ).
$ Define confirm Boolean Value
Whether a warning message ("are you sure you want to...") should be displayed when you are about to lose data ...").
$ Explain maxrows integer
The number of records displayed when you browse a result set. If the result set contains more data, the link to the previous or back pages is displayed.
$ Cfgmaxinputsize integer
When you add a new record to a table, edit the field size.
$ Cfgborder integer
The size of the table boundary.
$ Cfgthbgcolor string [HTML color]
Used in the color of the header.
$ Cfgbgcolorone string [HTML color]
The color of the first row of the table.
$ Cfgbgcolortwo string [HTML color]
The color of the second row of the table.
$ Cfgorder string ["DESC" | "ASC"]
Defines whether the field is displayed in ascending order ("ASC") or in descending order ("DESC") When you click the field name.
$ Empty showblob Boolean Value
Determines whether the Blob field is displayed when you browse the content of a table.
$ Explain showsql Boolean Value
Determines whether to display the SQL query statements generated by phpMyAdmin.
$ Columntypes Array
All possible MySQL column types. In most cases, you do not need to edit it.
$ Cfgfunctions Array
List of functions supported by MySQL. In most cases, you do not need to edit it.
$ Cfgattributetypes Array
Possible attributes of a field. In most cases, you do not need to edit it.
FAQ-FAQs
I cannot insert a new record to the table -- MySQL returns an SQL error.
Check SQL errors carefully. I found that many programmers use the wrong field type. Common Errors include:
No size specified when using varchar
The size is specified using text or blob.
In addition, check the syntax section in the MySQL manual to confirm that your syntax is correct.
PhpMyAdmin cannot connect to MySQL. What's wrong?
Or PHP installation problems or your username/password is incorrect. Try to compile a small script using mysql_connect to see if it can work. If not, it may be that MySQL has not been compiled in PHP.
I cannot edit the table content, although readme says this is a special feature of phpMyAdmin.
PhpMyAdmin only allows you to edit the content of a table with the primary key or unique key value.
When advanced authentication management is used, phpMyAdmin always provides "Access Denied )".
There may be several reasons:
$ Stduser/$ stdpassword is incorrect. Disable $ adv_auth and use this username and password to connect to MySQL.
The user name/password specified in the logon dialog box is incorrect. Try the same method above to see if it can work.
You have created a security mechanism for the phpMyAdmin installation directory, for example, the. htaccess file. This may interfere with phpMyAdmin authentication management, So delete it.
I want to help phpMyAdmin development. What should I do?
The following method is preferred for new developers:
Obtain the current CVS on anonymous CVs:
CVS-D: pserver: anon@www.htmlwizard.net:/usr/local/cvsroot Login
[Password: phpMyAdmin]
CVS-D: pserver: anon@www.htmlwizard.net:/usr/local/cvsroot checkout phpMyAdmin
[Create a New subdirectory named phpMyAdmin]
Add your stuff
Send the modified file to me (tar or gzip) and grant the write permission to the CVS tree to experienced phpMyAdmin users.
Contributed by developers.
Take a look at the developers file.
Is there any good way to make phpMyAdmin more secure against malicious attacks?
It depends on your system. If you are running a server that cannot be used by others, it is enough to use the directory protection binding of the Web server (for example, you can use the. htaccess file for Apache ). If other users can access your server via Telnet, saving the MySQL password in plain text in your Config. Inc. php3 file is not a good method. In this case, you should use the advanced authentication function of phpMyAdmin.
How can I insert a null value to my table?
Enter "null" (no quotation marks) as the field value. This is particularly useful for timestamps or automatically adding fields.
I am an ISP supplier. Can I install phpMyAdmin copy of a master? Or do I need to install one for every customer?
From version 2.0.3, you can install a master phpMyAdmin copy for all your users. This feature was developed by netcologne GmbH. In this way, you must set the MySQL user reasonably and set the advanced authentication method of phpMyAdmin. When you authenticate a user, phpMyAdmin performs these steps:
Select All records whose usernames/passwords match the applied user from the mysql. User table. If no record is returned, authentication fails.
Otherwise, phpMyAdmin continues step 1.
If your global select_priv is "N" (that is, you are not allowed to access all databases), phpMyAdmin searches for MySQL. DB table to find records of select_priv = "Y" for this user. If no record is found, authentication fails. Otherwise, phpMyAdmin displays all databases that can be viewed by users.
If your global select_priv is "Y", all the databases in the system are displayed.
This means you need to add users to the MySQL database as follows:
Insert into user (host, user, password, select_priv, primary, update_priv, delete_priv, create_priv, drop_priv, primary, shutdown_priv, primary, file_priv, grant_priv, primary, index_priv, alter_priv) values ("localhost", "foo", password ("bar"), "N", "n ", "N", "n", "n ")
Insert into dB (host, DB, user, select_priv, primary, update_priv, delete_priv, create_priv, drop_priv, grant_priv, primary, index_priv, alter_priv) values ("localhost", "foo_db ", "foo", "Y ","","","","")
In this way, for user Foo, only the "foo_db" library will be displayed