ISPs, multi-user installations

4.1 I’m an ISP. Can I set up one central copy of phpMyAdmin or do I need to install it for each customer?

Since version 2.0.3, you can set up a central copy of phpMyAdmin for all your users. The development of this feature was kindly sponsored by NetCologne GmbH. This requires properly configured MySQL user management and phpMyAdmin HTTP or cookie authentication.

See also

Using authentication modes

4.2 What’s the preferred way of making phpMyAdmin secure against evil access?

This depends on your system. If you’re running a server which cannot be accessed by other people, it’s sufficient to use the directory protection bundled with your webserver (with Apache you can use .htaccess files, for example). If other people have telnet access to your server, you should use phpMyAdmin’s HTTP or cookie authentication features.

Suggestions:

  • Your config.inc.php file should be chmod 660.
  • All your phpMyAdmin files should be chown -R phpmy.apache, where phpmy is a user whose password is only known to you, and apache is the group under which Apache runs.
  • Follow security recommendations for PHP and your webserver.

4.3 I get errors about not being able to include a file in /lang or in /libraries.

Check php.ini, or ask your sysadmin to check it. The include_path must contain “.” somewhere in it, and open_basedir, if used, must contain “.” and “./lang” to allow normal operation of phpMyAdmin.

4.4 phpMyAdmin always gives “Access denied” when using HTTP authentication.

This could happen for several reasons:

4.5 Is it possible to let users create their own databases?

Starting with 2.2.5, in the user management page, you can enter a wildcard database name for a user (for example “joe%”), and put the privileges you want. For example, adding SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER would let a user create/manage their database(s).

4.6 How can I use the Host-based authentication additions?

If you have existing rules from an old .htaccess file, you can take them and add a username between the 'deny'/'allow' and 'from' strings. Using the username wildcard of '%' would be a major benefit here if your installation is suited to using it. Then you can just add those updated lines into the $cfg['Servers'][$i]['AllowDeny']['rules'] array.

If you want a pre-made sample, you can try this fragment. It stops the ‘root’ user from logging in from any networks other than the private network IP blocks.

    // block root from logging in except from the private networks
    $cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
    $cfg['Servers'][$i]['AllowDeny']['rules'] = array(
        'deny root from all',
        'allow root from localhost',
        'allow root from 10.0.0.0/8',
        'allow root from 192.168.0.0/16',
        'allow root from 172.16.0.0/12',
    );
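
To check a rule set like the sample above before deploying it, the following added example (not phpMyAdmin's own code) models how the 'deny,allow' order decides a login for a given username and client address. It assumes that 'all' and 'localhost' stand for 0.0.0.0/0 and 127.0.0.0/8, handles only IPv4 CIDR masks, and uses constructed probe addresses; the function names are hypothetical.

```python
import ipaddress

# Assumed meaning of the shortcut names used in the sample rules (IPv4 only).
SHORTCUTS = {"all": "0.0.0.0/0", "localhost": "127.0.0.0/8"}

# Constructed copy of the sample rule set from the page.
SAMPLE_RULES = [
    "deny root from all",
    "allow root from localhost",
    "allow root from 10.0.0.0/8",
    "allow root from 192.168.0.0/16",
    "allow root from 172.16.0.0/12",
]

def parse_rule(rule):
    """Split '<allow|deny> <username> from <ipmask>' into (action, user, network)."""
    parts = rule.split()
    if len(parts) != 4 or parts[0] not in ("allow", "deny") or parts[2] != "from":
        raise ValueError(f"malformed rule: {rule!r}")
    network = ipaddress.ip_network(SHORTCUTS.get(parts[3], parts[3]))
    return parts[0], parts[1], network

def any_match(parsed_rules, action, user, ip):
    """True if some rule of this action names the user (or '%') and covers the IP."""
    return any(
        r_action == action and r_user in ("%", user) and ip in net
        for r_action, r_user, net in parsed_rules
    )

def is_allowed(rules, user, client_ip):
    """Model of 'deny,allow': allowed unless a deny rule matches and no allow rule does."""
    ip = ipaddress.ip_address(client_ip)
    parsed = [parse_rule(r) for r in rules]
    denied = any_match(parsed, "deny", user, ip)
    allowed = any_match(parsed, "allow", user, ip)
    return allowed or not denied

def audit(rules, probes):
    """Return {(user, ip): decision} for each constructed probe."""
    return {(u, ip): is_allowed(rules, u, ip) for u, ip in probes}

if __name__ == "__main__":
    probes = [("root", "127.0.0.1"), ("root", "10.1.2.3"),
              ("root", "203.0.113.7"), ("joe", "203.0.113.7")]
    for (user, ip), ok in audit(SAMPLE_RULES, probes).items():
        print(f"{user:5} {ip:15} {'allow' if ok else 'deny'}")
```

In this model the sample restricts only root: any other username still passes from any address, because 'deny,allow' allows whatever no deny rule matches.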

4.7 Authentication window is displayed more than once, why?

This happens if you are using a URL to start phpMyAdmin which is different than the one set in your $cfg['PmaAbsoluteUri']. For example, a missing “www”, or entering with an IP address while a domain name is defined in the config file.

4.8 Which parameters can I use in the URL that starts phpMyAdmin?

When starting phpMyAdmin, you can use the db and server parameters. This last one can contain either the numeric host index (from $i of the configuration file) or one of the host names present in the configuration file.

For example, to jump directly to a particular database, a URL can be constructed as https://example.com/phpmyadmin/?db=sakila.

See also

1.34 Can I directly access a database or table pages?

Changed in version 4.9.0: Support for using the pma_username and pma_password parameters was removed in phpMyAdmin 4.9.0 (see PMASA-2019-4).