Does Facebook use phpMyAdmin

Introduction

While many users need the functionality of a database management system like MariaDB, they may not feel comfortable interacting with the system solely from the MariaDB prompt.

phpMyAdmin was created so that users can interact with MariaDB through a web interface. In this guide, we’ll discuss how to install and secure phpMyAdmin so that you can safely use it to manage your databases on a Debian 10 system.

Prerequisites

Before you get started with this guide, you’ll need the following:

Note: MariaDB is a community-developed fork of MySQL, and although the two programs are closely related, they are not completely interchangeable. While phpMyAdmin was designed specifically for managing MySQL databases and makes reference to MySQL in various dialogue boxes, rest assured that your installation of MariaDB will work correctly with phpMyAdmin.

Finally, there are important security considerations when using software like phpMyAdmin, since it:

  • Communicates directly with your MariaDB installation
  • Handles authentication using MariaDB credentials
  • Executes and returns results for arbitrary SQL queries

For these reasons, and because it is a widely deployed PHP application that is frequently targeted for attack, you should never run phpMyAdmin on remote systems over a plain HTTP connection.

If you do not have an existing domain configured with an SSL/TLS certificate, you can follow this guide on securing Apache with Let’s Encrypt on Debian 10 to set one up. This will require you to register a domain name, create DNS records for your server, and set up an Apache Virtual Host.

Once you are finished with these steps, you’re ready to get started with this guide.

Step 1 — Installing phpMyAdmin and Recommended Packages

Before installing and configuring phpMyAdmin, the official documentation recommends that you install a few PHP extensions onto your server to enable certain functionalities and improve performance.

If you followed the prerequisite LAMP stack tutorial, several of these modules will have been installed along with the package. However, it’s recommended that you also install these packages:

  • : a PHP extension used to manage non-ASCII strings and convert strings to different encodings
  • : a PHP module that supports uploading files to phpMyAdmin
  • : another PHP module, this one enables support for the GD Graphics Library

First, update your server’s package index if you’ve not done so recently:

Then use to pull down the files and install them on your system:

Next, we can install phpMyAdmin. As of this writing, phpMyAdmin is not available from the default Debian repositories, so you will need to download the source code to your server from the phpMyAdmin site.

In order to do that, navigate to the phpMyAdmin Downloads page, scroll down to the table with download links for the latest stable release, and copy the download link ending in . This link points to an archive file known as a tarball that, when extracted, will create a number of files on your system. At the time of this writing, the latest release is version 4.9.0.1.

Note: On this Downloads page, you will notice that there are download links labeled and . The links will download a version of phpMyAdmin that will allow you to select one of 72 available languages, while the links will only allow you to use phpMyAdmin in English.

This guide will use the package to illustrate how to install phpMyAdmin, but if you plan to use phpMyAdmin in English, you can install the package. Just be sure to replace the links and file names as necessary in the following commands.

Replace the link in the following command with the download link you just copied, then press . This will run the command and download the tarball to your server:

Then extract the tarball:

This will create a number of new files and directories on your server under a parent directory named .

Then run the following command. This will move the directory and all its subdirectories to the directory, the location where phpMyAdmin expects to find its configuration files by default. It will also rename the directory in place to just :

With that, you’ve installed phpMyAdmin, but there are a number of configuration changes you must make in order to be able to access phpMyAdmin through a web browser.

Step 2 — Configuring phpMyAdmin Manually

When installing phpMyAdmin with a package manager, as one might in an Ubuntu environment, phpMyAdmin defaults to a “Zero Configuration” mode which performs several actions automatically to set up the program. Because we installed it from source in this guide, we will need to perform those steps manually.

To begin, make a new directory where phpMyAdmin will store its temporary files:

Set www-data — the Linux user profile that web servers like Apache use by default for normal operations in Ubuntu and Debian systems — as the owner of this directory:

The files you extracted previously include a sample configuration file that you can use as your base configuration file. Make a copy of this file, keeping it in the directory, and rename it :

Open this file using your preferred text editor. Here, we’ll use :

phpMyAdmin uses the authentication method by default, which allows you to log in to phpMyAdmin as any valid MariaDB user with the help of cookies. In this method, the MariaDB user password is stored and encrypted with the Advanced Encryption Standard (AES) algorithm in a temporary cookie.

Historically, phpMyAdmin instead used the Blowfish cipher for this purpose, and this is still reflected in its configuration file. Scroll down to the line that begins with . It will look like this:

/usr/share/phpmyadmin/config.inc.php

In between the single quotes, enter a string of 32 random characters. This isn’t a passphrase you need to remember; it will just be used internally by the AES algorithm:

/usr/share/phpmyadmin/config.inc.php

Note: If the passphrase you enter here is shorter than 32 characters in length, it will result in the encrypted cookies being less secure. Entering a string longer than 32 characters, though, won’t cause any harm.

To generate a truly random string of characters, you can install and use the program:

By default, creates easily pronounceable, though less secure, passwords. However, by including the flag, as in the following command, you can create a completely random, difficult-to-memorize password. Note the final two arguments to this command: , which dictates how long the password string will generate should be; and which tells how many strings it should generate:

Next, scroll down to the comment reading . This section includes some directives that define a MariaDB database user named pma which performs certain administrative tasks within phpMyAdmin. According to the official documentation, this special user account isn’t necessary in cases where only one user will access phpMyAdmin, but it is recommended in multi-user scenarios.

Uncomment the and directives by removing the preceding slashes. Then update the directive to point to a secure password of your choosing. If you don’t do this, the default password will remain in place and unknown users could easily gain access to your database through the phpMyAdmin interface.

After making these changes, this section of the file will look like this:

/usr/share/phpmyadmin/config.inc.php

Below this section, you’ll find another section preceded by a comment reading . This section includes a number of directives that define the phpMyAdmin configuration storage, a database and several tables used by the administrative pma database user. These tables enable a number of features in phpMyAdmin, including Bookmarks, comments, PDF generation, and more.

Uncomment each line in this section by removing the slashes at the beginning of each line so it looks like this:

/usr/share/phpmyadmin/config.inc.php

These tables don’t yet exist, but we will create them shortly.

Lastly, scroll down to the bottom of the file and add the following line. This will configure phpMyAdmin to use the directory you created earlier as its temporary directory. phpMyAdmin will use this temporary directory as a templates cache which allows for faster page loading:

/usr/share/phpmyadmin/config.inc.php

Save and close the file after adding this line. If you used , you can do so by pressing , , then .
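As an added example that is not part of the original guide, the following shell functions audit the saved config.inc.php for the settings changed in this step: a cookie secret of at least 32 characters, a control password that is no longer the sample default, and a temporary directory. The function names and the sample file are constructed for illustration, the directive names (`blowfish_secret`, `controlpass`, `TempDir`) are phpMyAdmin's, and the secret is drawn from /dev/urandom rather than from a password generator.

```shell
#!/bin/sh
# Added example (not from the guide): audit a saved config.inc.php.

# Print the quoted value of the first uncommented line containing KEY.
cfg_value() {  # usage: cfg_value FILE "['key']"
    awk -v pat="$2" '
        /^[ \t]*(\/\/|#)/ { next }          # directive is still commented out
        index($0, pat) {
            n = split($0, part, "\047")     # \047 is a single quote
            print part[n - 1]; exit         # value sits between the last two quotes
        }' "$1"
}

# Swapped-in generator: 16 bytes from /dev/urandom as 32 hex characters.
gen_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print one line per finding; return 0 only when the file passes every check.
audit_pma_config() {  # usage: audit_pma_config FILE
    rc=0
    secret=$(cfg_value "$1" "['blowfish_secret']")
    if [ "${#secret}" -lt 32 ]; then
        echo "blowfish_secret has ${#secret} characters, want at least 32"; rc=1
    fi
    # 'pmapass' is the value shipped in phpMyAdmin's config.sample.inc.php.
    if [ "$(cfg_value "$1" "['controlpass']")" = "pmapass" ]; then
        echo "controlpass is still the sample default"; rc=1
    fi
    if [ -z "$(cfg_value "$1" "['TempDir']")" ]; then
        echo "TempDir is not set"; rc=1
    fi
    return "$rc"
}

# Constructed sample: short secret, default control password, no TempDir.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
$cfg['blowfish_secret'] = 'changeme';
$cfg['Servers'][$i]['controluser'] = 'pma';
$cfg['Servers'][$i]['controlpass'] = 'pmapass';
// $cfg['TempDir'] = '/path/to/tmp';
EOF
audit_pma_config "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```
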

Next, you’ll need to create the phpMyAdmin storage database and tables. When you installed phpMyAdmin in the previous step, it came with a file named . This SQL file contains all the commands needed to create the configuration storage database and tables phpMyAdmin needs to function correctly.

Run the following command to use the file to create the configuration storage database and tables:

Following that, you’ll need to create the administrative pma user. Open up the MariaDB prompt:

From the prompt, run the following command to create the pma user and grant it the appropriate permissions. Be sure to change to align with the password you defined in the file:

If you haven’t created one already, you should also create a regular MariaDB user for the purpose of managing databases through phpMyAdmin, as it’s recommended that you log in using an account other than the pma user. You could create a user that has privileges to all tables within the database, as well as the power to add, change, and remove user privileges, with this command. Whatever privileges you assign to this user, be sure to give it a strong password as well:

Following that, exit the MariaDB shell:

phpMyAdmin is now fully installed and configured on your server. However, your Apache server does not yet know how to serve the application. To resolve this, we will create an Apache configuration file for it.

Step 3 — Configuring Apache to Serve phpMyAdmin

When installing phpMyAdmin from the default repositories, the installation process creates an Apache configuration file automatically and places it in the directory. Because we installed phpMyAdmin from source, however, we will need to create and enable this file manually.

Create a file named in the directory:

Then add the following content to the file:

/etc/apache2/conf-available/phpmyadmin.conf

This is the default phpMyAdmin Apache configuration file found on Ubuntu installations, though it will be adequate for a Debian setup as well.

Save and close the file, then enable it by typing:

Then reload the service to put the configuration changes into effect:

Following that, you’ll be able to access the phpMyAdmin login screen by navigating to the following URL in your web browser:

You’ll see the phpMyAdmin login screen.

Log in to the interface with the MariaDB username and password you configured. After logging in, you’ll see the phpMyAdmin user interface.

Now that you’re able to connect and interact with phpMyAdmin, all that’s left to do is harden your system’s security to protect it from attackers.

Step 4 — Securing Your phpMyAdmin Instance

Because of its ubiquity, phpMyAdmin is a popular target for attackers, and you should take extra care to prevent unauthorized access. One of the easiest ways of doing this is to place a gateway in front of the entire application by using Apache’s built-in authentication and authorization functionalities.

To do this, you must first enable the use of file overrides by editing your Apache configuration file.

Edit the linked file that has been placed in your Apache configuration directory:

Add an directive within the section of the configuration file, like this:

/etc/apache2/conf-available/phpmyadmin.conf

When you have added this line, save and close the file.

To implement the changes you made, restart Apache:

Now that you have enabled use for your application, you need to create one to actually implement some security.

In order for this to be successful, the file must be created within the application directory. You can create the necessary file and open it in your text editor with root privileges by typing:

Within this file, enter the following content:

/usr/share/phpmyadmin/.htaccess

Here is what each of these lines means:

  • : This line specifies the authentication type that you are implementing. This type will implement password authentication using a password file.
  • : This sets the message for the authentication dialog box. You should keep this generic so that unauthorized users won’t gain any information about what is being protected.
  • : This sets the location of the password file that will be used for authentication. This should be outside of the directories that are being served. We will create this file shortly.
  • : This specifies that only authenticated users should be given access to this resource. This is what actually stops unauthorized users from entering.

When you are finished, save and close the file.

The location that you selected for your password file was . You can now create this file and pass it an initial user with the utility:

You will be prompted to select and confirm a password for the user you are creating. Afterwards, the file is created with the hashed password that you entered.

If you want to enter an additional user, you need to do so without the flag, like this:

Now, when you access your phpMyAdmin subdirectory, you will be prompted for the additional account name and password that you just configured.

After entering the Apache authentication, you’ll be taken to the regular phpMyAdmin authentication page to enter your MariaDB credentials. This setup adds an additional layer of security, which is desirable since phpMyAdmin has suffered from vulnerabilities in the past.
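The gateway described in this step can be checked after the fact. The following added example, which is not part of the original guide, parses an .htaccess file for the four directives explained above (Apache's `AuthType`, `AuthName`, `AuthUserFile` and `Require`) and flags a password file that sits inside the served directory. The function names, the sample file and both paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): check a Basic-auth .htaccess gateway.

# Print the argument of the first uncommented NAME directive in FILE.
directive() {  # usage: directive FILE NAME
    awk -v name="$2" '
        { sub(/^[ \t]+/, "") }                   # drop leading indentation
        tolower($1) == tolower(name) {           # directive names ignore case
            sub(/^[^ \t]+[ \t]+/, ""); gsub(/"/, ""); print; exit
        }' "$1"
}

# Print one line per finding; return 0 only when the gateway is complete and
# the password file is not under SERVED_DIR (absolute paths only).
check_gateway() {  # usage: check_gateway HTACCESS SERVED_DIR
    rc=0
    [ "$(directive "$1" AuthType)" = "Basic" ] || { echo "AuthType is not Basic"; rc=1; }
    [ -n "$(directive "$1" AuthName)" ] || { echo "AuthName is missing"; rc=1; }
    [ "$(directive "$1" Require)" = "valid-user" ] || { echo "no 'Require valid-user'"; rc=1; }
    pwfile=$(directive "$1" AuthUserFile)
    case "$pwfile" in
        "") echo "AuthUserFile is missing"; rc=1 ;;
        "${2%/}"/*) echo "password file $pwfile is inside the served directory"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample; both paths are placeholders, not the guide's values.
ht=$(mktemp)
cat > "$ht" <<'EOF'
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /srv/app/.htpasswd
Require valid-user
EOF
check_gateway "$ht" /srv/app || echo "gateway needs fixing"
rm -f "$ht"
```
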

Conclusion

You should now have phpMyAdmin configured and ready to use on your Debian 10 server. Using this interface, you can easily create databases, users, tables, etc., and perform the usual operations like deleting and modifying structures and data.