Many users require the functionality of a database management system such as MySQL, but they might not feel comfortable interacting with the system solely from the MySQL prompt.
phpMyAdmin was made so that users can interact with MySQL through a web interface. In this tutorial we’ll demonstrate how you can install and secure phpMyAdmin so that you may safely use it to manage your databases on Ubuntu 14.04.
Before starting this tutorial, there are a couple of things you’ll need.
1. You will need to have a non-root user with sudo privileges.
2. You will also need a LAMP stack (Linux, Apache, MySQL, and PHP) installation on your Ubuntu 14.04 server.
Once you have these in place, you are ready to get started with this tutorial.
To begin, we can simply install phpMyAdmin from the default repositories.
We do this by updating our local package index and then using the apt packaging system to pull down the files and install them on our system:
sudo apt-get update
sudo apt-get install phpmyadmin
This will ask you a couple of questions so that your installation is configured correctly.
1. At the server selection, select apache2.
2. Choose yes when you are prompted whether to use dbconfig-common to set up the database.
3. You are going to be asked for your database administrator’s password.
4. Afterwards you’ll be asked to select and confirm a password for the phpMyAdmin application itself.
The installation procedure places the phpMyAdmin Apache configuration file into the /etc/apache2/conf-enabled/ directory, where it is automatically read.
One thing we’ll have to do is explicitly enable the php5-mcrypt extension. We can do this by entering the following:
sudo php5enmod mcrypt
Then, you’ll have to restart Apache for your changes to take effect:
sudo service apache2 restart
You may now access the web interface by going to your server’s domain name or public IP address followed by /phpmyadmin.
You should now be able to log into the interface with the root username and the administrative password you set up while installing MySQL.
After you have logged in, you will see the phpMyAdmin user interface.
Secure your phpMyAdmin Instance
Now that our phpMyAdmin interface is up and running, we are ready to secure it. This is an important step because phpMyAdmin is a popular target for attackers.
The best way to do this is to place a gateway in front of the whole application. We can do this with Apache’s built-in .htaccess authentication and authorization functionality.
Configure Apache to Allow .htaccess Overrides
First, we have to enable the use of .htaccess file overrides by modifying our Apache configuration file.
We have to modify the linked file that was placed in our Apache configuration directory:
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
We have to add an AllowOverride All directive inside the <Directory /usr/share/phpmyadmin> section of the configuration file, like this:
<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
    AllowOverride All
    . . .
After you’ve added this line you can save and exit the file.
For the changes to take effect, restart Apache:
sudo service apache2 restart
Create an .htaccess File
Now that .htaccess use is enabled for our application, we have to create an .htaccess file to actually add some security.
For this to work, the file has to be created inside the application directory. We can create the needed file and open it in our text editor with root privileges by entering:
sudo nano /usr/share/phpmyadmin/.htaccess
Inside this file, we have to enter this information:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
In case you’re wondering what each of these lines means, we’ll go over them quickly:
AuthType Basic: This line specifies the authentication type that we are implementing. This type implements password authentication using a password file.
AuthName: This sets the message for the authentication dialog box. You should keep this generic so that unauthorized users don’t gain any information about what is being protected.
AuthUserFile: This sets the location of the password file that is used for authentication. This has to be outside of the directories that are being served. We will make this file soon.
Require valid-user: This makes sure that only authenticated users are granted access to this resource. This is what stops unauthorized users from entering.
After you are finished, save and exit the file.
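One way to check the file against the four directives described above, as an added example that is not part of the original tutorial. The function names check_htaccess, directive and demo are hypothetical, the sample files are constructed, and the check assumes AuthUserFile is written as an absolute path, as it is here.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): audit the .htaccess gateway.
# Usage: check_htaccess <htaccess-file> <served-directory>
# Prints one line per finding and returns 0 only when nothing is wrong.

# Print the first argument of directive $2 (lowercase) in file $1, quotes removed.
directive() {
    awk -v want="$2" 'tolower($1) == want { gsub(/"/, "", $2); print $2; exit }' "$1"
}

check_htaccess() {
    local file="$1" served="${2%/}" bad=0 user_file
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 1; }

    [ "$(directive "$file" authtype | tr 'A-Z' 'a-z')" = basic ] ||
        { echo "FAIL: AuthType Basic is not set"; bad=1; }
    [ -n "$(directive "$file" authname)" ] ||
        { echo "FAIL: AuthName is not set"; bad=1; }
    grep -Eiq '^[[:space:]]*Require[[:space:]]+valid-user[[:space:]]*$' "$file" ||
        { echo "FAIL: Require valid-user is not set"; bad=1; }

    # The password file must sit outside the directory Apache serves.
    user_file=$(directive "$file" authuserfile)
    case $user_file in
        '')          echo "FAIL: AuthUserFile is not set"; bad=1 ;;
        "$served"/*) echo "FAIL: $user_file is inside served directory $served"; bad=1 ;;
        /*)          : ;;   # absolute path outside the served tree
        *)           echo "FAIL: AuthUserFile is not an absolute path"; bad=1 ;;
    esac
    return "$bad"
}

# Constructed sample input: the tutorial's file, and a variant that keeps
# the password file inside the web-served directory.
demo() {
    local tmp
    tmp=$(mktemp -d)
    printf '%s\n' 'AuthType Basic' 'AuthName "Restricted Files"' \
        'AuthUserFile /etc/phpmyadmin/.htpasswd' 'Require valid-user' > "$tmp/good"
    sed 's#/etc/phpmyadmin#/usr/share/phpmyadmin#' "$tmp/good" > "$tmp/bad"
    check_htaccess "$tmp/good" /usr/share/phpmyadmin && echo "good: OK"
    check_htaccess "$tmp/bad" /usr/share/phpmyadmin || echo "bad: rejected"
    rm -rf "$tmp"
}
demo
```

On the server itself, the call would be check_htaccess /usr/share/phpmyadmin/.htaccess /usr/share/phpmyadmin.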
Create the .htpasswd file for Authentication
Since we have specified a location for our password file with the AuthUserFile directive inside our .htaccess file, we now have to create this file.
We now require an extra package to finish this procedure. We could install it using our default repositories:
sudo apt-get install apache2-utils
After that, the htpasswd utility is ready for use.
The location we’ve chosen for the password file was “/etc/phpmyadmin/.htpasswd”. Let’s make this file and pass it an initial user by entering the following:
sudo htpasswd -c /etc/phpmyadmin/.htpasswd username
You will be asked to choose and confirm a password for the user you are making. The file is then created with the hashed password you’ve entered.
If you’d like to add an additional user, you have to do so without the -c flag, because -c creates the file again and would overwrite the existing one, as shown here:
sudo htpasswd /etc/phpmyadmin/.htpasswd additionaluser
Now, when you access your phpMyAdmin subdirectory, you will be asked for the additional account name and password that you’ve just configured.
Once you’ve passed the Apache authentication, you will be taken to the usual phpMyAdmin authentication page to type your other credentials. This adds an extra layer of security, which is worthwhile because phpMyAdmin has suffered from vulnerabilities before.
You now have phpMyAdmin installed and configured, completely ready for use on your Ubuntu 14.04 server. With this interface, you may create databases, users, tables, etc., and perform the usual operations such as deleting and editing structures and data.