Re: Virtual Web Servers, MySQL and Users?
I'm not familiar with the patch that Stojan mentioned, I'm not dealing
with nearly as many users as you are and I'm just using basic
authentication, but my way of handling this was to hack into the
config.inc.php file in the phpMyAdmin directory and set it up so that
the $HTTP_SERVER_VARS["PHP_AUTH_USER"] $HTTP_SERVER_VARS["PHP_AUTH_PW"]
are used to set the $cfgServers['user'] and
$cfgServers['password']. I can't vouch for the (in)security of this
method, but it worked for me. Hope that helps.
Stojan Rancic wrote:
> Hello Marc,
> > But I suspect that once we give the customers MySQL, they will want to
> > have PHPMyAdmin as well. AFAIK, the PHPMyAdmin version from potato
> > gives full access to the databases, allowing users to see data they
> > aren't supposed to see. Am I mistaken here?
> You can (and should) only give the users access to their own database
> ( in the db table of mysql base). They will be able to see the
> existance of other databases, but will not be able to see the tables or
> their entries. There is however also a patch (check out the forum on
> phpmyadmin's webpage) where you can restrict the users to only see
> their "own" database, but it's not in the official distribution.