Scribd
Upload
42 views3 pages

How To Install and Secure Phpmyadmin On Ubuntu 12.04: Setup

- phpMyAdmin is a free web interface for MySQL databases that provides a visual frontend. - To install phpMyAdmin on Ubuntu, use apt-get to install it and complete the basic configuration. Then add its config file to Apache and restart Apache. - For security, lock down the phpMyAdmin directory with Apache authentication that requires a username and password. Create an .htaccess file and htpasswd file to set this up. Restart Apache to complete the setup. - Now only authorized users can access the phpMyAdmin login page, providing a more secure way to manage MySQL databases through a web interface.

Uploaded by

pandorgo1234
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as ODT, PDF, TXT or read online on Scribd
42 views3 pages

How To Install and Secure Phpmyadmin On Ubuntu 12.04: Setup

- phpMyAdmin is a free web interface for MySQL databases that provides a visual frontend. - To install phpMyAdmin on Ubuntu, use apt-get to install it and complete the basic configuration. Then add its config file to Apache and restart Apache. - For security, lock down the phpMyAdmin directory with Apache authentication that requires a username and password. Create an .htaccess file and htpasswd file to set this up. Restart Apache to complete the setup. - Now only authorized users can access the phpMyAdmin login page, providing a more secure way to manage MySQL databases through a web interface.

Uploaded by

pandorgo1234
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as ODT, PDF, TXT or read online on Scribd
You are on page 1/ 3

How To Install and Secure phpMyAdmin on Ubuntu 12.

04
Tagged In: Ubuntu, My Sql, Apache, Php

About phpMyAdmin
phpMyAdmin is an free web software to wor with MyS!" on the web#it pro$ides a con$enient $isual front end to the MyS!" capabilities%

Setup
The steps in this tutorial require the user to ha$e root pri$ileges on your $irtual pri$ate ser$er% &ou can see how to set that up here in steps ' and (% )efore wor ing with phpMyAdmin you need to ha$e "AMP installed on your ser$er% If you don*t ha$e the "inu+, Apache, MyS!", P,P stac on your ser$er, you can find the tutorial for setting it up here% -nce you ha$e the user and required software, you can start installing phpMyAdmin on your .PS/

Install phpMyAdmin
The easiest way to install phpmyadmin is through apt0get:
sudo apt-get install phpmyadmin

1uring the installation, phpMyAdmin will wal you through a basic configuration% -nce the process starts up, follow these steps: Select Apache2 for the ser$er 3hoose &4S when as ed about whether to 3onfigure the database for phpmyadmin with dbconfig0common 4nter your MyS!" password when prompted 4nter the password that you want to use to log into phpmyadmin After the installation has completed, add phpmyadmin to the apache configuration%
sudo nano /etc/apache2/apache2.conf

Add the phpmyadmin config to the file%


Include /etc/phpmyadmin/apache.conf

5estart apache:
sudo service apache2 restart

&ou can then access phpmyadmin by going to youripaddress6phpmyadmin% The screen should loo li e this

Security
Unfortunately older $ersions of phpMyAdmin ha$e had serious security $ulnerabilities including allowing remote users to e$entually e+ploit root on the underlying $irtual pri$ate ser$er% -ne can pre$ent a ma7ority of these attac s through a simple process: loc ing down the entire directory with Apache*s nati$e user6password restrictions which will pre$ent these remote users from e$en attempting to e+ploit older $ersions of phpMyAdmin%

Set Up the .htaccess ile


To set this up start off by allowing the %htaccess file to wor within the phpmyadmin directory% &ou can accomplish this in the phpmyadmin configuration file:
sudo nano /etc/phpmyadmin/apache.conf

Under the directory section, add the line 8Allow-$erride All9 under 81irectory Inde+9, ma ing the section loo li e this:
<Directory /usr/share/phpmyadmin> Options Follow ym!in"s DirectoryInde# inde#.php $llowOverride $ll %...&

!on"i#ure the .htaccess "ile


:ith the %htaccess file allowed, we can proceed to set up a nati$e user whose login would be required to e$en access the phpmyadmin login page% Start by creating the %htaccess page in the phpmyadmin directory:
sudo nano /usr/share/phpmyadmin/.htaccess

;ollow up by setting up the user authori<ation within %htaccess file% 3opy and paste the following te+t in:
$uth'ype (asic $uth)ame *+estricted Files* $uth,serFile /path/to/passwords/.htpasswd +e-uire valid-user

)elow you=ll see a quic e+planation of each line AuthType$ This refers to the type of authentication that will be used to the chec the passwords% The passwords are chec ed $ia ,TTP and the eyword )asic should not be changed% Auth%ame$ This is te+t that will be displayed at the password prompt% &ou can put anything here% AuthUser ile$ This line designates the ser$er path to the password file >which we will create in the ne+t step%? &e'uire (alid)user$ This line tells the %htaccess file that only users defined in the password file can access the phpMyAdmin login screen%

!reate the htpasswd "ile


@ow we will go ahead and create the $alid user information% Start by creating a htpasswd file% Use the htpasswd command, and place the file in a directory of your choice as long as it is not accessible from a browser% Although you can name the password file whate$er you prefer, the con$ention is to name it %htpasswd%
sudo htpasswd -c /path/to/passwords/.htpasswd username

A prompt will as you to pro$ide and confirm your password% -nce the username and passwords pair are sa$ed you can see that the password is encrypted in the file% ;Inish up by restarting apache:
sudo service apache2 restart

Accessin# phpMyAdmin
phpMyAdmin will now be much more secure since only authori<ed users will be able to reach the login page% Accessing youripaddress6phpmyadmin should display a screen li e this% ;ill it in with the username and password that you generated% After you login you can access phpmyadmin with the MyS!" username and password%

You might also like