vicidial.org

[Kumba]

On ViciBox v.9.0 (and v.8.1+ I believe) phpMyAdmin is not setup by default even if you select it during the install. This was done deliberately because phpMyAdmin is a HUGE security hole. I cannot stress enough how much of a security problem phpMyAdmin is if it ever gets exposed to the public internet. It's very likely your box will be compromised within an hour if it is inadvertently exposed.

However, if after reading the above and accepting the potential risk should phpMyAdmin not be properly secured, here's how you enable it:

Code: Select all

ln -s /usr/share/phpMyAdmin /srv/www/htdocs/


Once you run the above code, phpMyAdmin will just start working. The default apache configuration file for phpMyAdmin limits accessibility to local IPs only by default as well. To further secure or grant additional IP access you will need to edit /etc/apache2/conf.d/phpMyAdmin.conf and make the appropriate modifications.

[carpenox]

Perhaps this will help someone looking to make sure they secure there phpMyAdmin:

Code: Select all

####Securing phpMyAdmin#####

nano /etc/apache2/conf.d/phpMyAdmin.conf

###change the following:

<Directory /usr/share/phpMyAdmin>

    Options FollowSymLinks
    AllowOverride All   #This was "None"

    <IfVersion < 2.4>
        Order Deny,Allow
        Allow from all
    </IfVersion>


###save and exit

nano /usr/share/phpMyAdmin/.htaccess

####Enter the following:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpMyAdmin/.htpasswd
Require valid-user

###save and exit

zypper install apache2-utils

htpasswd -c /etc/phpMyAdmin/.htpasswd whatever.username.u.want
Password: enter the password u want

##restart apache
service apache restart or systemctl restart apache

###go to your phpmyadmin

http://server.ip/phpMyAdmin


##Enjoy

[Zaraab]

I want to allow only one IP which can access the phpmyadmin.

How can I do thati?

[Zaraab]

How to delete access and change password of this phpmyadmin page?

how to allow specific Ip only?

[carpenox]

htpasswd -c /etc/phpMyAdmin/.htpasswd whatever.username.u.want (will change the pw)

firewall-cmd --zone=trusted --add-source=127.0.0.1 (put your IP obviously) - you need to have youre firewall setup correctly for this to work though

[Zaraab]

Thanks genius

[carpenox]

Kumba, whats the deal with phpMyAdmin on v10?

[alo]

I wouldn't ever use phpMyAdmin, so its not a concern for me.

[carpenox]

i had to uninstall the one it came with and do it via zypper to get it working so i was just curious, i had specific tables i had to export for a client and phpmyadmin makes it nice n easy, plus i keep it secure with htpasswd