📄 documentation.html
字号:
chmod o+w config/config.inc.php # give it world writable permissions</pre> On other platforms, simply create the folder and ensure that your web server has read and write access to it. <a href="#faq1_26">FAQ 1.26</a> can help with this.<br /><br /> Next, open <tt><a href="setup/">setup/</a> </tt>in your browser. Note that <strong>changes are not saved to disk until explicitly choose <tt>Save</tt></strong> from the <i>Configuration</i> area of the screen. Normally the script saves the new config.inc.php to the <tt>config/</tt> directory, but if the webserver does not have the proper permissions you may see the error "Cannot load or save configuration." Ensure that the <tt> config/</tt> directory exists and has the proper permissions - or use the <tt>Download</tt> link to save the config file locally and upload (via FTP or some similar means) to the proper location.<br /><br /> Once the file has been saved, it must be moved out of the <tt> config/</tt> directory and the permissions must be reset, again as a security measure:<pre>mv config/config.inc.php . # move file to current directorychmod o-rw config.inc.php # remove world read and write permissions</pre> Now the file is ready to be used. You can choose to review or edit the file with your favorite editor, if you prefer to set some advanced options which the setup script does not provide.</li></ul></li> <li>If you are using the <tt>auth_type</tt> "config", it is suggested that you protect the phpMyAdmin installation directory because using config does not require a user to enter a password to access the phpMyAdmin installation. Use of an alternate authentication method is recommended, for example with HTTP–AUTH in a <a href="#glossary"><i>.htaccess</i></a> file or switch to using <tt>auth_type</tt> cookie or http. See the <a href="#faqmultiuser"> multi–user sub–section</a> of this <abbr title="Frequently Asked Questions">FAQ</abbr> for additional information, especially <a href="#faq4_4"> <abbr title="Frequently Asked Questions">FAQ</abbr> 4.4</a>.</li> <li>Open the <a href="index.php">main phpMyAdmin directory</a> in your browser. phpMyAdmin should now display a welcome screen and your databases, or a login dialog if using <abbr title="HyperText Transfer Protocol">HTTP</abbr> or cookie authentication mode.</li> <li>You should deny access to the <tt>./libraries</tt> subfolder in your webserver configuration. For Apache you can use supplied .htaccess file in that folder, for other webservers, you should configure this yourself. Such configuration prevents from possible path exposure and cross side scripting vulnerabilities that might happen to be found in that code.</li></ol><h3 id="linked-tables">Linked-tables infrastructure</h3><p> For a whole set of new features (bookmarks, comments, <abbr title="structured query language">SQL</abbr>-history, <abbr title="Portable Document Format">PDF</abbr>-generation, field contents transformation, etc.) you need to create a set of special tables. Those tables can be located in your own database, or in a central database for a multi-user installation (this database would then be accessed by the controluser, so no other user should have rights to it).</p><p> Please look at your <tt>./scripts/</tt> directory, where you should find a file called <i>create_tables.sql</i>. (If you are using a Windows server, pay special attention to <a href="#faq1_23"> <abbr title="Frequently Asked Questions">FAQ</abbr> 1.23</a>).</p><p> If you already had this infrastructure and upgraded to MySQL 4.1.2 or newer, please use <i>./scripts/upgrade_tables_mysql_4_1_2+.sql</i>.</p><p> You can use your phpMyAdmin to create the tables for you. Please be aware that you may need special (administrator) privileges to create the database and tables, and that the script may need some tuning, depending on the database name.</p><p> After having imported the <i>./scripts/create_tables.sql</i> file, you should specify the table names in your <i>./config.inc.php</i> file. The directives used for that can be found in the <a href="#config">Configuration section</a>. You will also need to have a controluser with the proper rights to those tables (see section <a href="#authentication_modes">Using authentication modes</a> below).</p><h3 id="upgrading">Upgrading from an older version</h3><p> Simply copy <i>./config.inc.php</i> from your previous installation into the newly unpacked one. Configuration files from very old versions (2.3.0 or before) may require some tweaking as some options have been changed or removed. For compatibility with PHP 6, remove a <tt>set_magic_quotes_runtime(0);</tt> statement that you might find near the end of your configuration file.</p><p> You should <strong>not</strong> copy <tt>libraries/config.default.php</tt> over <tt>config.inc.php</tt> because the default configuration file is version-specific.</p><p> If you have upgraded your MySQL server from a version previous to 4.1.2 to version 4.1.2 or newer and if you use the pmadb/linked table infrastructure, you should run the SQL script found in <tt>scripts/upgrade_tables_mysql_4_1_2+.sql</tt>.</p><h3 id="authentication_modes">Using authentication modes</h3><ul><li><abbr title="HyperText Transfer Protocol">HTTP</abbr> and cookie authentication modes are recommended in a <b>multi-user environment</b> where you want to give users access to their own database and don't want them to play around with others.<br /> Nevertheless be aware that MS Internet Explorer seems to be really buggy about cookies, at least till version 6, and PHP 4.1.1 is also a bit buggy in this area!<br /> Even in a <b>single-user environment</b>, you might prefer to use <abbr title="HyperText Transfer Protocol">HTTP</abbr> or cookie mode so that your user/password pair are not in clear in the configuration file. </li> <li><abbr title="HyperText Transfer Protocol">HTTP</abbr> and cookie authentication modes are more secure: the MySQL login information does not need to be set in the phpMyAdmin configuration file (except possibly for the <a href="#controluser">controluser</a>).<br /> However, keep in mind that the password travels in plain text, unless you are using the HTTPS protocol.<br /> In cookie mode, the password is stored, encrypted with the blowfish algorithm, in a temporary cookie.</li> <li>Note: starting with phpMyAdmin 2.6.1, this section is only applicable if your MySQL server is running with <tt>--skip-show-database</tt>.<br /><br /> For '<abbr title="HyperText Transfer Protocol">HTTP</abbr>' and 'cookie' modes, phpMyAdmin needs a controluser that has <b>only</b> the <tt>SELECT</tt> privilege on the <i>`mysql`.`user` (all columns except `Password`)</i>, <i>`mysql`.`db` (all columns)</i>, <i>`mysql`.`host` (all columns)</i> and <i>`mysql`.`tables_priv` (all columns except `Grantor` and `Timestamp`)</i> tables.<br /> You must specify the details for the <a href="#controluser">controluser</a> in the <tt>config.inc.php</tt> file under the <tt><a href="#cfg_Servers_controluser" class="configrule"> $cfg['Servers'][$i]['controluser']</a></tt> and <tt><a href="#cfg_Servers_controlpass" class="configrule"> $cfg['Servers'][$i]['controlpass']</a></tt> settings.<br /> The following example assumes you want to use <tt>pma</tt> as the controluser and <tt>pmapass</tt> as the controlpass, but <b>this is only an example: use something else in your file!</b> Input these statements from the phpMyAdmin SQL Query window or mysql command–line client.<br /> Of course you have to replace <tt>localhost</tt> with the webserver's host if it's not the same as the MySQL server's one. <pre>GRANT USAGE ON mysql.* TO 'pma'@'localhost' IDENTIFIED BY 'pmapass';GRANT SELECT ( Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv, Repl_client_priv ) ON mysql.user TO 'pma'@'localhost';GRANT SELECT ON mysql.db TO 'pma'@'localhost';GRANT SELECT ON mysql.host TO 'pma'@'localhost';GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv) ON mysql.tables_priv TO 'pma'@'localhost';</pre> If you want to use the many new relation and bookmark features: <pre>GRANT SELECT, INSERT, UPDATE, DELETE ON <pma_db>.* TO 'pma'@'localhost';</pre> (this of course requires that your <a href="#linked-tables">linked-tables infrastructure</a> be set up).<br /></li> <li>Then each of the <i>true</i> users should be granted a set of privileges on a set of particular databases. Normally you shouldn't give global privileges to an ordinary user, unless you understand the impact of those privileges (for example, you are creating a superuser).<br /> For example, to grant the user <i>real_user</i> with all privileges on the database <i>user_base</i>:<br /> <pre>GRANT ALL PRIVILEGES ON user_base.* TO 'real_user'@localhost IDENTIFIED BY 'real_password';</pre> What the user may now do is controlled entirely by the MySQL user management system.<br /> With <abbr title="HyperText Transfer Protocol">HTTP</abbr> or cookie authentication mode, you don't need to fill the user/password fields inside the <a href="#cfg_Servers" class="configrule">$cfg['Servers']</a> array.</li></ul><h4>'<abbr title="HyperText Transfer Protocol">HTTP</abbr>' authentication mode</h4><ul><li>Uses <abbr title="HyperText Transfer Protocol">HTTP</abbr> Basic authentication method and allows you to log in as any valid MySQL user.</li> <li>Is supported with most PHP configurations. For <abbr title="Internet Information Services">IIS</abbr> (<abbr title="Internet Server Application Programming Interface">ISAPI</abbr>) support using <abbr title="Common Gateway Interface">CGI</abbr> PHP see <a href="#faq1_32"><abbr title="Frequently Asked Questions">FAQ</abbr> 1.32</a>, for using with Apache <abbr title="Common Gateway Interface">CGI</abbr> see <a href="#faq1_35"><abbr title="Frequently Asked Questions">FAQ</abbr> 1.35</a>.</li> <li>See also <a href="#faq4_4"> <abbr title="Frequently Asked Questions">FAQ</abbr> 4.4</a> about not using the <i>.htaccess</i> mechanism along with '<abbr title="HyperText Transfer Protocol">HTTP</abbr>' authentication mode.</li></ul><h4>'cookie' authentication mode</h4><ul><li>You can use this method as a replacement for the <abbr title="HyperText Transfer Protocol">HTTP</abbr> authentication (for example, if you're running <abbr title="Internet Information Services">IIS</abbr>).</li> <li>Obviously, the user must enable cookies in the browser, but this is now a requirement for all authentication modes.</li> <li>With this mode, the user can truly log out of phpMyAdmin and log in back with the same username.</li> <li>If you want to log in to arbitrary server see <a href="#AllowArbitraryServer" class="configrule"> $cfg['AllowArbitraryServer']</a> directive.</li> <li>As mentioned in the <a href="#require">requirements</a> section, having the <tt>mcrypt</tt> extension will speed up access considerably, but is not required.</li></ul><h4>'signon' authentication mode</h4><ul><li>This mode is a convenient way of using credentials from another application to authenticate to phpMyAdmin.</li> <li>The other application has to store login information into session data.</li> <li>More details in the <a href="#cfg_Servers_auth_type">auth_type</a> section.</li></ul><h4>'config' authentication mode</h4><ul><li>This mode is the less secure one because it requires you to fill the <a href="#servers_user" class="configrule"> $cfg['Servers'][$i]['user']</a> and <a href="#servers_user" class="configrule"> $cfg['Servers'][$i]['password']</a> fields (and as a result, anyone who can read your config.inc.php can discover your username and password). <br /> But you don't need to setup a "controluser" here: using the <a href="#servers_only_db" class="configrule"> $cfg['Servers'][$i]['only_db']</a> might be enough.</li> <li>In the <a href="#faqmultiuser"> <abbr title="Internet service provider">ISP</abbr> <abbr title="Frequently Asked Questions">FAQ</abbr></a> section, there is an entry explaining how to protect your configuration file.</li>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -