This is about security issues related to running PHP.  I'm planning out how I can run PHP administrative programs (that update data in the database) on a production server that runs PHP and MySQL.  I'm looking for help from folks who have experience with production servers.

 

The general idea is to put these PHP programs in another directory that couldn't be accessed with a browser.  There, they could be run by me from the command line.  One of these programs would be much more helpful if it could be run in a browser because of what it does.

 

Is there a way to do this safely - namely, run it using a browser but not allow anyone else to run it?

 

Also, is it safe for me to use MySQL Query Browser on the production machine in order to periodically run queries or make updates to the data in the database?

 

Thanks!

By admin programs, are you referring to phpMyAdmin, which is a popular web-based administrative tool for MySQL commonly used by many websites?

 

In its default configuration, phpMyAdmin logs you in without asking for a username/password. This is because the username/password are hard-coded into config.inc.php. A much more secure way is to set up phpMyAdmin to ask for a MySQL username/password when logging in.

 

To do this simply edit the config.inc.php file and change where it says config on this line

$cfg['Servers'][$i]['auth_type'] = 'config';

to http.

 

Now phpMyAdmin will require you to use a MySQL username/password to log in (just like MySQL Query Browser does). For extra security, if you're using Apache, you can add a .htaccess file to your phpmyadmin folder containing the following code:

Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx

Change xxx.xxx.xxx.xxx to your computer's IP address. Now only you can access yoursite.com/phpmyadmin. However, this will only work if you're using a static IP address.

 

Alternatively, you can set up a new MySQL user which allows for remote connections to your MySQL server. You can then use normal desktop applications such as MySQL Query Browser or MySQL Administrator to log in remotely.

I wasn't talking about phpMyAdmin.  I have programs that I wrote in PHP that I need to run periodically to support the PHP application I've built.  Those are what I'll need to run securely.  I'm not sure if I can use phpMyAdmin for that.  (Also, this will be on a Windows server using IIS.)

 

Separately, in briefly looking at phpMyAdmin, I'm not sure if it does more related to accessing MySQL than I could do with MySQL Query Browser, which I could run remotely.  I'll look into that further, but any comments would be appreciated.
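
An added example, not part of any post in this thread: the two controls from the phpMyAdmin reply above (a login prompt and a client-IP allowlist) applied inside a self-written PHP admin script, so the check does not depend on .htaccess. The constant names, the address, the account name and the hash placeholder are all hypothetical; it assumes PHP 7 or later and that PHP receives the Authorization header so that `$_SERVER['PHP_AUTH_USER']` is populated, which depends on how PHP is attached to the web server.

```php
<?php
// Added example: access guard for a self-written PHP admin script.
// Every name and value below is a hypothetical placeholder.

const ADMIN_ALLOWED_IPS = ['203.0.113.10'];  // constructed documentation address
const ADMIN_USER = 'maintainer';             // hypothetical account name
// Create once with password_hash() and paste the result here (or load it
// from a file outside the web root). A placeholder never verifies.
const ADMIN_PASS_HASH = '<output of password_hash() goes here>';

/**
 * Decide whether this invocation may run the admin script.
 * $sapi is PHP_SAPI, $server is $_SERVER.
 */
function admin_access_allowed(string $sapi, array $server): bool
{
    // Command-line runs never pass through the web server.
    if ($sapi === 'cli') {
        return true;
    }
    // Same idea as "Allow from xxx.xxx.xxx.xxx": only the listed address.
    $ip = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($ip, ADMIN_ALLOWED_IPS, true)) {
        return false;
    }
    // Same idea as auth_type 'http': require a username and password.
    $user = $server['PHP_AUTH_USER'] ?? '';
    $pass = $server['PHP_AUTH_PW'] ?? '';
    return hash_equals(ADMIN_USER, $user)
        && password_verify($pass, ADMIN_PASS_HASH);
}

if (!admin_access_allowed(PHP_SAPI, $_SERVER)) {
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if (in_array($ip, ADMIN_ALLOWED_IPS, true)) {
        // Allowed address without valid credentials: make the browser prompt.
        header('WWW-Authenticate: Basic realm="admin"');
        http_response_code(401);
    } else {
        http_response_code(403);
    }
    error_log("admin script access denied for {$ip}");
    exit;
}

// ... the admin program's own code starts here ...
```

Basic credentials are only encoded, not encrypted, so the script should be reachable over HTTPS only. If a reverse proxy sits in front of the server, `REMOTE_ADDR` is the proxy's address and the allowlist has to be enforced at the proxy instead.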
