Shulou(Shulou.com)06/01 Report--

This article, sponsored by ilanniweb, was first published in Mudhang.

For more articles, you can follow my Wechat ilanniweb

In fact, I wanted to write this article a long time ago, but I haven't had time for it. I happened to be a little free this afternoon, so I sorted out this article.

A lot of articles about phpmyadmin can be found in Baidu. In this article, I will introduce how to control the developer's operation to the database through phpmyadmin.

Of course, we can consider the security of the database from three aspects:

1), mysql database server, including the security of the server itself.

2), mysql access rights, including database user rights, and database access methods, etc.

3), the security after mysql database access, including whether to allow the export of data, etc.

Today, we use phpmyadmin to control developers' operations on the database, which is actually a combination of the second and third points to prohibit users from accessing the database and exporting data.

1. Phpmyadmin installation

First of all, let's install phpmyadmin. Here we install it using source code, and install the latest version 4.6.4, as follows:

Wget https://files.phpmyadmin.net/phpMyAdmin/4.6.4/phpMyAdmin-4.6.4-all-languages.zip

Unzip phpMyAdmin-4.6.4-all-languages.zip-d / data/dg/

Mv / data/dg/phpMyAdmin-4.6.4-all-languages/ / data/dg/app_db/

Chmod 755-R / data/dg/app_db/

Note: phpmyadmin requires a lnmp environment, so you need to install the relevant basic environment before running phpmyadmin.

After the phpmyadmin is decompressed and installed, let's configure nginx as follows:

I have enabled the directory indexing function of nginx here, mainly considering that if there are multiple databases, we can distinguish them by directory names.

For example, our online database is as follows:

Visit now, as follows:

From the figure above, we can clearly see that we can now access phpmyadmin normally, but we need to enter the relevant user name and password.

II. Phpmyadmin password-free configuration

In the first chapter, we have installed phpmyadmin. In this chapter, we will configure phpmyadmin without password login access.

Here we take the database app_db as an example. To achieve password-free login access, we also need to create a read-only user ilanniread for the app_db database in the mysql database.

Create the sql statement as follows:

Mysql-hrm-bp183j9f186nd4933.mysql.rds.aliyuncs.com-uroot-uroot-e "grant select on app_db.* to 'ilanniread'@'%' identified by' readonlyQWE'

After the ilanniread has been created, let's now modify the configuration file config.default.php of phpmyadmin.

For the config.default.php file, we only need to modify lines 106,252,259, where line 106 is the connection address of the database, and lines 252 and 259 are the user name and password of the database, respectively. As follows:

After the modification, let's visit again to see the actual effect, as follows:

From the figure above, we can clearly see that currently there is no need to enter the user name and password of the database to access phpmyadmin.

And by doing so, we can also let developers do not need to know the actual address of the database and the database user name and password, relatively speaking, the security is still a lot better.

III. Prohibit phpmyadmin from exporting data

In the second chapter, we have configured password-free access to phpmyadmin, and now we will configure how to disable the export of queried data through phpmyadmin.

By default, phpmyadmin can export the entire database as follows:

To prevent developers from privately exporting the query results, we can do this by renaming the tbl_export.php or export.php files in the phpmyadmin root directory, as follows:

Mv export.php export.php.bak

After the modification, let's export the data as follows:

From the figure above, we can easily see that it is not possible to export data at present, thus achieving our goal of prohibiting phpmyadmin from exporting data.

Note: the export.php file is exported for the entire database. If you want to disable the export after the query, you need to rename the tbl_export.php file.

PS: security is relative, there is no absolute security, we can only guard against gentlemen but not villains.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.