mottwsc Posted August 15, 2009

This is about security issues related to running PHP. I'm planning out how I can run PHP administrative programs (that update data in the database) on a production server that runs PHP and MySQL. I'm looking for help from folks who have experience with production servers.

The general idea is to put these PHP programs in another directory that couldn't be accessed with a browser. There, they could be run by me from the command line. One of these programs would be much more helpful if it could be run in a browser because of what it does. Is there a way to do this safely - namely, run it using a browser but not allow anyone else to run it?

Also, is it safe for me to use MySQL Query Browser on the production machine in order to periodically run queries or make updates to the data in the database?

Thanks!

wildteen88 Posted August 15, 2009

By admin programs are you referring to phpMyAdmin, which is a popular web-based administrative tool for MySQL commonly used by many websites?

By default configuration phpMyAdmin logs you in without asking for a username/password. This is because the username/password are hard coded into config.inc.php. A much more secure way is to set up phpMyAdmin to ask for a MySQL username/password for logging in. To do this simply edit the config.inc.php file and change where it says config on this line

    $cfg['Servers'][$i]['auth_type'] = 'config';

to http. Now phpMyAdmin will require you to use a MySQL username/password to log in (just like MySQL Query Browser does).

To add extra security, if you're using Apache Server you can add a .htaccess file within your phpmyadmin folder and add the following code:

    Order Deny,Allow
    Deny from all
    Allow from xxx.xxx.xxx.xxx

Change xxx.xxx.xxx.xxx to your computer's IP address. Now only you can access yoursite.com/phpmyadmin. However this will only work if you're using a static IP address.

Alternatively you can set up a new MySQL user which allows for remote connections to your MySQL server. You can then use normal desktop applications such as MySQL Query Browser or MySQL Administrator to log in remotely.

mottwsc Posted August 15, 2009 (Author)

I wasn't talking about phpMyAdmin. I have programs that I wrote in PHP that I need to run periodically to support the PHP application I've built. Those are what I'll need to run securely. I'm not sure if I can use phpMyAdmin for that. (Also, this will be on a Windows server using IIS.)

Separately, in briefly looking at phpMyAdmin, I'm not sure if it does more related to accessing MySQL than I could do with MySQL Query Browser, which I could run remotely. I'll look into that further, but any comments would be appreciated.
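
Added example, not part of the original thread and not any poster's code: the two controls suggested above for phpMyAdmin (a password prompt and an IP allow-list) applied inside a self-written PHP admin script, so the same check works under IIS where .htaccess is not available. The constant and function names are hypothetical, all values are constructed placeholders, and it assumes the server passes HTTP Basic credentials to PHP as PHP_AUTH_USER and PHP_AUTH_PW.

```php
<?php
declare(strict_types=1);

// Hypothetical settings; every value here is a constructed placeholder.
const ADMIN_ALLOWED_IPS = ['203.0.113.10'];   // your static IP address
const ADMIN_USER        = 'siteadmin';
// Paste the output of: php -r "echo password_hash('passphrase', PASSWORD_DEFAULT);"
// Until it is replaced, password_verify() rejects every password (fails closed).
const ADMIN_PASS_HASH   = 'REPLACE_WITH_PASSWORD_HASH_OUTPUT';

/** Returns 200 if the caller may run the script, otherwise 403 or 401. */
function admin_gate_status(string $sapi, array $server): int
{
    // Command-line runs skip the web checks: reaching here needs a shell on the server.
    if ($sapi === 'cli') {
        return 200;
    }
    // Basic credentials are only base64-encoded, so refuse plain HTTP.
    // IIS sets HTTPS to "off" for plain requests; Apache leaves it unset.
    $https = $server['HTTPS'] ?? '';
    if ($https === '' || strtolower($https) === 'off') {
        return 403;
    }
    // Compare the socket peer address, not client-supplied headers such as X-Forwarded-For.
    if (!in_array($server['REMOTE_ADDR'] ?? '', ADMIN_ALLOWED_IPS, true)) {
        return 403;
    }
    // Evaluate both checks before combining so a wrong user name still costs a hash check.
    $userOk = hash_equals(ADMIN_USER, (string) ($server['PHP_AUTH_USER'] ?? ''));
    $passOk = password_verify((string) ($server['PHP_AUTH_PW'] ?? ''), ADMIN_PASS_HASH);
    return ($userOk && $passOk) ? 200 : 401;
}

$status = admin_gate_status(PHP_SAPI, $_SERVER);
if ($status !== 200) {
    if ($status === 401) {
        header('WWW-Authenticate: Basic realm="admin"');
    }
    http_response_code($status);
    exit("Access denied\n");
}
// The admin script's own work starts below this line.
```

Scripts that never need a browser can still live outside the web root and be run from the command line; the gate matters only for the one that has to be reachable over HTTPS.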