Welcome to WebmasterWorld Guest from 35.171.183.163

Forum Moderators: phranque

Message Too Old, No Replies

PHPMyAdmin

All servers appear to all users

     
10:19 am on Jan 19, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 23, 2005
posts:142
votes: 0


I have a problem I cant resolve with my PHPMyAdmin. Its allowing all users to view all servers in the server choices drop down dialogue. I dont want my users to have access to other peoples server information, even the names of their databases. Is there anyway anyone knows of that I can fix this?
8:56 pm on Jan 25, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Sept 11, 2002
posts:294
votes: 0


Depending on the setup you have a few options.

If your clients do not have FTP access to the phpMyAdmin folder, then you can modify the config.inc.php file to only show a specific database ($cfgServers[1]['only_db'] variable).

If they do have FTP/write access to thta folder, you have to take it onsetp further and create a seperate username/password for each client/database. You can set the config file with a username and password and it will accees the MySql accordingly.

Either way, it sounds like you are letting everone access the database as the root user. You should change this and have a seperate login for each user.

6:39 am on Jan 27, 2006 (gmt 0)

New User

10+ Year Member

joined:Jan 27, 2006
posts:5
votes: 0


Yes he has it pretty much summed up.
The file you want to look at and edit is
config.inc.php in your phpmyadmin folder

typically there's a config.inc.php and I guess
phpmyadmin installed for each user when not
done in advanced configurations.

You definatately want to change your setup asap
as anyone it appears right now can trash your entire db system or view anyone elses data in its entirety
or get the root password by looking at the config.inc.php file itself

Regards,
Bugmaster

[edited by: txbakers at 1:18 pm (utc) on Jan. 27, 2006]
[edit reason] no sigs, please [/edit]

12:58 am on Jan 28, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 16, 2000
posts:122
votes: 0


If you're running Apache with a *nix based O/S edit config.inc.php and change the auth_type to http. This will enable Apache authentication for all users.

$cfg['Servers'][$i]['auth_type'] = 'http';

The MySQL username and password are used to login.

When adding new users enter the username, host and password.
Leave all the Global Privileges blank.
Scroll down and click on OK.

A new page should appear if the user was successfully created.
Again leave all the Global Privileges blank.

Select the user database in the Database-specific privileges section.
Click OK if you're not re-directed to the next page.

Select the user privileges in this section.

Now the user should have access for their databases only.