Menu
I'm writing a webhosting control panel for our organization, and would like to be able to automatically login a user to phpMyAdmin.
What would be the best way to do this?
Of course we don't want to save our users' control panel account passwords in our database in plain text.
693
You have to edit the config file to do this. Open the file with a Text Editor
\phpMyAdmin\config.inc.php
Replace the following code
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = '';
$cfg['Servers'][$i]['password'] = '';
With this
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'Server Username';
$cfg['Servers'][$i]['password'] = 'Server Password';
Replace the Server Username with the username of your database server. By default it is root for localhost.
Replace the Server Password with the password of your database server. By default it remains blank for localhost.
Now, save the file and try to open the MySQL Admin from your browser. Now, you should get redirected to phpMyAdmin automatically.
Please, be aware that now everyone who wants can login!
112
I don't think there is a way to do it without knowing a set of username and password. In the end phpMyAdmin is just the middleware that connect your session to the database.
As far as I know, phpMyAdmin itself does not even have its own user table. It basically tries to login to database with the credentials you provided. If successful, it stores your credentials in their cookies, although they are encrypted. That's why phpMyAdmin asks for a Blowfish secret in your config file, to store your credentials more securely.
What is closest that you can get what you want is actually built-in to phpMyAdmin, see http://wiki.phpmyadmin.net/pma/Auth_types on Single Sign-on.
auth_type signon is a feature to allow phpMyAdmin to integrate with Single Sign-on (SSO) systems. Administrators can configure their phpMyAdmin installations to get a MySQL username and password from an existing SSO session, allowing the user sign in once to a control panel, for example, and then switching between applications such as phpMyAdmin without the need to log in again.
To me I would create a new user for each of your user account e.g. a user called foo might have a SSO-only account called foo_mysql. Then store foo_mysql and its password (encrypted) into your database. When your user tries to access phpMyAdmin from your admin portal, you sign them on with the "signon" auth type setup as described in http://wiki.phpmyadmin.net/pma/Auth_types#signon.
A more secure way (but I still have my own doubt) could be that you create a temporary SSO-only account only when needed. For example, generate a new random foo_4f65ca1d each time the user requests to access phpMyAdmin from your admin portal. Then send the new credentials over to phpMyAdmin.
Once you have passed it to phpMyAdmin, it will be phpMyAdmin that manages the credentials the usual phpMyAdmin way. When the user logs out from your portal, delete the temporary user. Or set up a scheduled task to delete them after a set period (probably a period in sync with phpMyAdmin session length).
This way the account itself behaves pretty much like a user session. You don't even have to store those credentials, plaintext or encrypted in your database.
I'm no security expert here but I hope this could fire off some discussion or some other more secure solutions.
30
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
