Security / Server Setup

Stop installing phpMyAdmin

by ,


We have by far the largest RPM repository with NGINX module packages and VMODs for Varnish. If you want to install NGINX, Varnish, and lots of useful performance/security software with smooth yum upgrades for production use, this is the repository for you.
Active subscription is required.

phpMyAdmin is a completely unnecessary and insecure software that has already collected 252 CVE registered vulnerabilities over its lifetime.

Many beginner server administrators, not surprisingly, install it nonetheless. Simply because over the history of its existence, phpMyAdmin also gained its share of popularity. There are still many references all over the web, promoting its use.

But it’s lesser-known that you don’t have to install anything on the server to browse your database interactively.

Meet the convenience of fast and secure SQL GUI clients to interact with your database remotely.

Stop installing phpMyAdmin, please!

SSH access and any modern SQL client is all that is needed to access your database in a nice visual way.
The odds that you are unable to SSH to the box you want to browse the database from are virtually none.
It is true that any modern MySQL GUI client will work in a similar fashion.

For our example instruction here we will go through MySQL connection using MySQL Workbench on Windows 10.
This is to cover our less-tech-savvy audience, which are the ones so notorious for itching to install phpMyAdmin and other insecurities onto a Linux box 🙂

Step 1. Download and launch MySQL Workbench

On a new Windows installation, you are likely lacking some libraries required. Ensure the latest Microsoft Visual C++ Redistributable from this link.
Then, proceed to the download page of MySQL Workbench and install it.

Then launch it.

Step 2. Create a MySQL connection

Locate the button to create a connection profile:

In the opened dialog titled “Setup New Connection”, make the following inputs:

  • Connection Name: An arbitrary string describing what you are connecting to, for example, “My VPS Database”
  • Connection Method: Standard TCP/IP over SSH
  • SSH Hostname: the public IP of your MySQL server. For a LEMP stack, this is the same as a public server IP of your webserver, or you can input a server’s fully qualified name as long as it eventually resolves to the server IP.
  • SSH Username: any SSH username that you already can connect with. Example SSH root user
  • SSH Password: SSH user’s password. If you entered root above, then, it is your SSH root user’s password. If another user, then its password, etc. After making the input, click “Store in Vault…” so that it’s remembered
  • MySQL Hostname: set it to 127.0.0.1 – that is the most important thing beginners don’t initially understand, but it should be this way most of the time. Your SQL client (MySQL Workbench in this case) will first connect using the SSH details above, and this connection now becomes “local” to the server, so once it already established an SSH connection to the server, now it needs to make another connection from server to the MySQL running on the same server, which is at 127.0.0.1
  • MySQL Server Port: set it 3306
  • Username: root
  • Password: password of MySQL’s root user. After entering, likewise, click “Store in Vault…” for it to be remembered
Creating MySQL Workbench Connection
Creating MySQL Workbench Connection

Click “Test Connection”. Upon the first test, you will be presented with a small dialog saying that the host authenticity cannot be verified. This is a normal thing, you have to accept the host’s SSH fingerprint, and click OK.

Initial test requires accepting SSH fingerprint
Initial test requires accepting SSH fingerprint

The test will now succeed, if all the details were entered correctly in the connection form earlier:

Successful SSH connection in MySQL Workbench
Successful SSH connection in MySQL Workbench

Now click OK.

Step 3. Connect to your MySQL server

You will now see your connection was added to the list of connections on the main screen:

List of connections in MySQL Workbench
List of connections in MySQL Workbench

Simply click it and it will be shortly established. There you go, your secure, fast and easy to install phpMyAdmin alternative is ready:

Better than phpMyAdmin
Better than phpMyAdmin

Not only you can issue queries against your server, but you can also do the same thing you would normally do with phpMyAdmin, and more, like controlling your MySQL service runtime.
Simply exploring your client by going through the main and context menus is a good way to get familiar with its feature set.

More security

Stepping from the use of phpMyAdmin into a MySQL GUI client is a huge security improvement since you no longer need to compromise your web server with a well-known insecure software.
But there are far more things you can do like setting up key-based SSH authentication instead of passwords and not using SSH/MySQL root users.

We intentionally did not cover these topics to keep the article short and easy to understand for those who need to at least make the first right step of no longer using phpMyAdmin in the first place.

Keep your server clean and lean, stop installing phpMyAdmin. There, I said it a few times and I hope these words will save you time for installing phpMyAdmin, and time again when your server’s database would be compromised because you installed it.

Installing a GUI client is much faster, easier, and any GUI client is far more feature-rich than phpMyAdmin.

But if you’re not convinced and if you have to…, at least do it right.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: