Install & Configure phpMyAdmin

Important: CentOS 5.9 is just old enough that it does not meet the minimum requirements for phpMyAdmin 3.x & newer. As of 2013-03-25, phpMyAdmin 2.11.11.3 is the last known version to support the versions of MySQL & PHP included with CentOS 5.9, so please be sure to use it. This will be addressed in a future version of ReadingRecord, most likely at the end of the 2013 summer reading season.

Installation

  • Download & install phpMyAdmin-2.11.11.3 from the phpMyAdmin site. Documentation for installing & configuring phpMyAdmin is also available on the site.

Security Considerations

The following are optional, but recommended, steps to help improve the security of your ReadingRecord server.

  • Read & follow the security recommendations on the phpMyAdmin website.
  • If not already doing so, consider using TLS/SSL (https) for access to both phpMyAdmin and ReadingRecord. See the Install & Configure Apache page for details.
  • Potential intruders will often probe for phpMyAdmin by directory name/version, so consider changing the name of the directory 'phpmyadmin' to something difficult to guess.
  • Use Apache access control lists (ACLs) to restrict access to phpMyAdmin. This simple example assumes a path of '/var/www/html/phpmyadmin/'. Create & edit the file '/etc/httpd/conf.d/access_control.conf', replacing the IP addresses with your own and modifying the path as necessary:
      #
      # Access control directives for *ALL* virtual hosts on this webserver.
      # It is safer to put them here instead of inside a <VirtualHost> directive
      # because they work for both http & https access.
      #
      # From http://httpd.apache.org/docs/2.0/sections.html:
      # It is important to never use <Location> when trying to restrict access to
      # objects in the filesystem. This is because many different webspace
      # locations (URLs) could map to the same filesystem location, allowing your
      # restrictions to be circumvented.
      #
      
      ##############################
      #                            #
      # Limit access to phpMyAdmin #
      #                            #
      ##############################
      
      # Comments are on their own lines because Apache does not allow a
      # comment on the same line as a directive.
      <Directory "/var/www/html/phpmyadmin/">
          order deny,allow
          # Support staff desktop #1
          allow from 192.168.1.38
          # Support staff desktop #2
          allow from 192.168.1.50
          deny from all
      </Directory>
    • Restart Apache. You should only be able to access phpMyAdmin from the IP address(es) listed in the access_control.conf file.
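
The ACL above works only because of how Apache combines Order, Allow and Deny, so the following Python sketch (an added example, not part of the ReadingRecord documentation or of Apache) models that decision for IPv4 addresses, CIDR ranges and 'all', and shows what happens if the order is swapped or the 'deny from all' line is dropped. The function names and the outside test address 203.0.113.7 are assumptions made for the example.

```python
import ipaddress

# Constructed sample: the page's <Directory> body, trailing comments left out.
PAGE_ACL = """
order deny,allow
allow from 192.168.1.38
allow from 192.168.1.50
deny from all
"""

def parse_acl(text):
    """Return (order, allow_nets, deny_nets) for Order/Allow/Deny lines."""
    order, allow, deny = "deny,allow", [], []  # Apache's default Order
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        name = words[0].lower()
        if name == "order" and len(words) > 1:
            order = words[1].lower()
        elif name in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            target = allow if name == "allow" else deny
            for spec in words[2:]:
                # Anything that is not "all", an IP or a CIDR range raises
                # ValueError, which also catches stray words after a directive.
                spec = "0.0.0.0/0" if spec.lower() == "all" else spec
                target.append(ipaddress.ip_network(spec, strict=False))
    return order, allow, deny

def is_allowed(client_ip, acl_text):
    """Model the Order/Allow/Deny decision for one IPv4 client."""
    order, allow, deny = parse_acl(acl_text)
    ip = ipaddress.ip_address(client_ip)
    hit_allow = any(ip in net for net in allow)
    hit_deny = any(ip in net for net in deny)
    if order == "deny,allow":   # Allow overrides Deny; no match means allowed
        return hit_allow or not hit_deny
    if order == "allow,deny":   # Deny overrides Allow; no match means refused
        return hit_allow and not hit_deny
    raise ValueError("unsupported Order: " + order)

if __name__ == "__main__":
    swapped = PAGE_ACL.replace("deny,allow", "allow,deny")
    no_deny = PAGE_ACL.replace("deny from all", "")
    for label, acl in (("page", PAGE_ACL), ("swapped", swapped), ("no deny", no_deny)):
        for ip in ("192.168.1.38", "192.168.1.99", "203.0.113.7"):
            print(label, ip, "allowed" if is_allowed(ip, acl) else "refused")
```

With the page's block only the two listed desktops are allowed; swapping the order refuses everyone, and removing 'deny from all' lets every client in.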

ReadingRecord servers hosted by the Westminster Public Library and Limited North, LLC use the following multi-layered approach. One advantage of this method is that it prevents phpMyAdmin access from outside the library entirely:

  • Configuring the Linux server with a 2nd IP address (IP alias), to be used for the phpMyAdmin website only.
  • Configuring an Apache virtual host with a separate '/var/www/html/' directory structure & installing phpMyAdmin there.
  • Adding host-based firewall rules restricting access to the 2nd IP address.
  • Using the Apache ACL example above to further restrict access.

This method is not currently documented on the ReadingRecord wiki, but if there's enough interest I may consider doing so.

docs/install_configure_phpmyadmin.txt (2218 views) · Last modified: 2013/04/04 17:19 by esisler