Databases Reference
In-Depth Information
Restricting the List of Databases
Sometimes it is useful to avoid showing in the left panel all the databases to which a
user has access. phpMyAdmin offers two ways of restricting:
only_db
and
hide_db
.
To specify the list of what can be seen, the
only_db
parameter is used. It may contain
a database name or a list of database names. Only these databases will be seen in the
left panel:
$cfg['Servers'][$i]['only_db'] = 'payroll';
$cfg['Servers'][$i]['only_db'] = array('payroll', 'hr);
The database names can contain MySQL wildcard characters like
_
and
%
.
We can also indicate which database names must be hidden with the
hide_db
parameter. It contains a regular expression (
http://en.wikipedia.org/wiki/
Regular_expression
) representing what to exclude. If we do not want users to see
all databases whose names begin with 'secret' we would use
$cfg['Servers'][$i]['hide_db'] = '^secret';
These parameters apply to all users for this server-specific configuration.
These mechanisms do not replace the MySQL privilege
system. Users' rights on other databases still apply, but
they cannot use phpMyAdmin's left panel to navigate to
their other databases or tables.
Protecting In-Transit Data
HTTP is not inherently immune to network sniffing (grabbing sensitive data off the
wire), so if we want to protect not only our username and password but all the data
that travels between our web server and browser, we have to use HTTPS.
To do so, assuming that our web server supports HTTPS, we just have to start
phpMyAdmin by putting
https
instead of
http
in the URL as follows:
https://www.mydomain.com/phpMyAdmin
If we are using
PmaAbsoluteUri
auto-detection:
$cfg['PmaAbsoluteUri'] = '';
phpMyAdmin will see that we are using HTTPS in the URL and react accordingly. If
not, we must put the
https
part in this parameter as follows:
$cfg['PmaAbsoluteUri'] = 'https://www.mydomain.com/phpMyAdmin';
Search WWH ::
Custom Search