[SOLVED] Default phpmyadmin directory seems a poor choice for location, and is shared

[sKunKbad]

I have used phpmyadmin many times on shared hosting accounts, and so I wanted to set it up on the server I am testing out. The default installation doesn't seem to have a configuration of any kind, and it places access to phpmyadmin at localhost/phpmyadmin. In the past I had read that having the phpmyadmin access in the public view wasn't secure, and wondering how other people are installing/configuring phpmyadmin. Do I just need a REALLY strong password, or is there some better way of setting it up? I'm using name based virtual hosts, and all of the domains have access to the same phpmyadmin installation, which would obviously be bad if the domains were owned by different users. I guess in a real hosting environment that the domains would all have their own virtual server, with their own services, but can there be a separation on a simple name based virtual hosts setup?

[trq]

Just to let you know (and I'm going to let it slide) your inquiries really have nothing to do with Linux.

 

I'll just let you know now that I'm not a phpmyadmin (or mysql for that mattaer) user, as I usually prefer a shell interface to most applications. That being saidm, I'll try and help you out.

 

In the past I had read that having the phpmyadmin access in the public view wasn't secure

 

phpmyadmin needs to be within a publicly accessible area as far as I'm aware otherwise users simply cannot gain access to it. You could probably wrap it within your own application if you really wanted to, and of course, I'm sure there would be options around for accessing it via a https connection.

 

Do I just need a REALLY strong password

 

Its hard to tell if your trying to build a multiple user hosting environment or your just seeing how things work, I'll take it the later.

 

I'm using name based virtual hosts, and all of the domains have access to the same phpmyadmin installation, which would obviously be bad if the domains were owned by different users.

 

Not really, one install of phpmyadmin should support many users, just make sure you only grant users permissions the privilages they requore to access there own databases.

 

This is one reason why learning the underlying principles is important. phpmyadmin is simply an interface, its the underlying principles that count.

 

The default installation doesn't seem to have a configuration of any kind, and it places access to phpmyadmin at localhost/phpmyadmin.

 

How did you install? From what I have gathered from previous post you are using some Ubuntu? Its been a long while since Ive used phpmyadmin but I'm sure if you installed via apt-get it simply places a vhost within /etc/apche2/sites-available, from there its simple to use a2ensite to enable the site and it is accessible from something like http://phpmyadmin

 

If not, this is another one of the cases where learning the underlying principles is important. Apache can be configured in many different ways depending on your preferences and most of it (especially when it comes down to where sites/config files are) is quite straight forward.

 

I guess in a real hosting environment that the domains would all have their own virtual server

 

This really depends on the setup, most people still use shared hosting where every user simply has access to a VirtualHost or a ServerRoot within there ~/public_html directory.

[sKunKbad]

Just to let you know (and I'm going to let it slide) your inquiries really have nothing to do with Linux.

 

Thanks, I probably should have thought better about my questions, and worded them differently (or put them somewhere else).

 

Its hard to tell if your trying to build a multiple user hosting environment or your just seeing how things work, I'll take it the later.

 

Yes, I am just trying to see how things work. I'd like to eventually have enough experience (and I know that may be a long ways away) to add "linux web server administration" to my list of skills.

 

How did you install? From what I have gathered from previous post you are using some Ubuntu? Its been a long while since Ive used phpmyadmin but I'm sure if you installed via apt-get it simply places a vhost within /etc/apche2/sites-available, from there its simple to use a2ensite to enable the site and it is accessible from something like http://phpmyadmin

 

Yes, I am running the latest Ubuntu Server Edition (8.04). Yes, I installed with apt-get, but there is no vhost listed for phpmyadmin in /etc/apache2/sites-available. There is also no phpmyadmin directory in www, even though phpmyadmin is accessible from http://localhost/phpmyadmin. I'll have to look around and see what I can find.

 

If not, this is another one of the cases where learning the underlying principles is important. Apache can be configured in many different ways depending on your preferences and most of it (especially when it comes down to where sites/config files are) is quite straight forward.

 

Since I am still just learning, I will want to have experience with all of the different ways to configure. I've kept a log of what I have done, and uploaded all of the files I have changed, so I can use them as reference in the future. While there are plenty of "Install Ubuntu LAMP Server" tutorials out there, they only represent one way of doing things, and my goal is to learn. I'd like to attempt to run other distros as well, but want to feel that I have at least semi-mastered the one I am working with now before moving on.

 

On the side, have you or have you ever thought about writing a linux how-to book? You seem to know everything, and explain things well. There are a lot of books out there, but one that would specifically speak in detail about web server administration would be great. The one I have is 350 pages, and only 15 pages are dedicated to web server info.

 

 

[tomfmason]

on debian phpmyadmin is installed to /usr/share/phpmyadmin. I bet ubuntu is the same. If I were the only one using phpmyadmin I would not make it publicly accessible and use it via a ssh tunnel.

[sKunKbad]

on debian phpmyadmin is installed to /usr/share/phpmyadmin. I bet ubuntu is the same. If I were the only one using phpmyadmin I would not make it publicly accessible and use it via a ssh tunnel.

 

OK, yes phpmyadmin is installed to /user/share/phpmyadmin on ubuntu also. As for using it via ssh tunnel... remember I am just learning. I would need to find a tutorial or more info to do that.

[tomfmason]

in your directory config for phpmyadmin (/etc/apache2/config.d/phpmyadmin.conf) you need something like this:

 

<Directory /usr/share/phpmyadmin/>
    AllowOverride All
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
</Directory>

 

you may need to use the ip address for the server instead of 127.0.0.1. I had to do that for postgresql as it was seeing my ssh connection as the external ip address and not 127.0.0.1

 

I am going to assume that you are using putty to connect to the box. In which case checkout http://oldsite.precedence.co.uk/nc/putty.html. Use port 80 for the remote port and whatever you want for the local port. Then you can go to http://localhost:xx/phpmyadmin(xx is the local port)

[sKunKbad]

Wow, that is sweet! I did it with relative ease. I got hung up thinking that putty was somehow going to display as a browser, but once I figured out (by reading) that all I needed to do was to change the way my Firefox connects to the internet, all was good. I actually tested the connection without modifying the phpmyadmin.conf, but now that I know how it works making that change is simple enough.

 

Thanks! Thread Solved!