Phpmyadmin Access

[Blackcat]

Hi, this may sound a newbie question but I really couldn't find any answer

I need an user, not my cpanel root user, to access a singular db on phpmyadmin

I created the user, the password, add the user to the db, but I can't figure out how he can login to phpmyadmin with his credentials.

Is it possibile or it is restricted to cpanel user?

Thanks

[TCH-Bruce]

You can't with the cPanel version of phpAdmin. Not sure you can install a version in your own web space that they would be able to use but something to look into.

[OJB]

In Cpanel there is the option for "Remote MySQL". If your friend has a static IP address, you could allow MySQL access to their IP.

 

Then they could use something like MySQL Query Browser (or Workbench which is the latest version) and they could connect remotely.

 

Obviously opening up MySQL access to a remote IP has inherent security risks that come with it so be careful with who you allow access to. The ideal is to just allow a single static IP, but you can set a wildcard (represented with a % symbol) and allow any one access - but this is not recommended and you do so at your own risk.

[SteveW]

Either method could allow a brute-force password guessing attack to succeed unless all your passwords for all your MySQL database users (not just the new one you created) are very secure, an absolute minimum of 12 completely random characters, upper/lower/punct. More is better. If you don't use punct, make the password at least 2 chars longer to compensate.

 

With the phpMyAdmin method, you'd need to make sure that your version of phpMyAdmin is always kept up to date, which could sometimes involve installing an update about once a month based on the history at http://secunia.com/a...task=advisories .

 

You could add an additional layer of security by password protecting (in cPanel) the folder where you install phpMyAdmin. Your user will have to log in to the folder first (with the folder password), and then into phpMyAdmin (with their MySQL user password).

 

 

The method of connecting directly to MySQL has the advantage that you don't have to keep software updated, but its security depends entirely on the strength of your MySQL passwords (unless you can also use the IP address restriction).

 

With either method, "grant" to your new user only the specific permissions (SELECT, UPDATE, etc.) that they'll need for performing the actions you're allowing them to do, and only for the specific database they'll be using.

 

If you set it up carefully, it looks to me that either method can be done quite securely.

 

After setting it up, you could log in as the new user and browse around to make sure you're not allowing them to see or do things you'd prefer they couldn't.

Edited March 24, 2012 by SteveW