Installing PHPMyAdmin on Windows XP Pro 2




What do we have in this session 2?

  1. Creating the PHPMyAdmin Config File



Creating the PHPMyAdmin Config File


To manually create the file, simply use your text editor to create the file (in this case we just copy to to get minimal configuration file) in the main (top-level) phpmyadmin directory (the one that contains index.php).


To create phpmyadmin config file from file



The phpmyadmin config file


phpmyadmin first loads libraries/config.default.php and then overrides those values with anything found in If the default value is okay for a particular setting, there is no need to include it in

Open in Windows WordPad. You'll need a few modifications to get phpmyadmin working; a simple configuration may look like the following:


$cfg['blowfish_secret'] = 'ajrkt4l6fv92j800';  // use here a value of your choice
$cfg['Servers'][$i]['auth_type']     = 'cookie';








The phpmyadmin blowfish_secret setting


Or, if you prefer to not be prompted every time you log in, modify the config file as follows (we skip this step at this stage). However, using MySQL root user is not recommended. You need to create new MySQL user with appropriate permissions to be used by phpmyadmin (shown later).


$cfg['Servers'][$i]['user']          = 'root';
$cfg['Servers'][$i]['password']      = 'xxxxxxx'; // use here your password
$cfg['Servers'][$i]['auth_type']     = 'config';


For a full explanation of possible configuration values, see the Configuration Section of the phpmyadmin documentation.

Instead of manually editing, you can use the Setup Script. First you must manually create a folder named config in the phpmyadmin directory. This is a security measure. On a Linux/Unix system you can use the following commands:


cd phpMyAdmin
mkdir config                   # create directory for saving
chmod o+rw config              # give it world writable permissions


On other platforms, simply create the folder and ensure that your web server has read and write access to it. For Windows you can configure the folder properties (chmod) through Security page. Right-click on the phpmyadmin folder and choose Properties. Under the tab Security, click on "Add" and select the user "IUSR_machine" from the list. Now set his permissions and it should work.


Invoking the Windows directory properties page





Adding Internet group or user to the existing directory permission security


Adding the Internet guest account of the machine to the web IIS directory


You can verify the Internet account through Computer Management snap-in.


The Windows Internet guest account that can be used to access the web folder (and files)  in IIS


For Unix/Linux, to edit an existing configuration, copy it over first:


cp config/           # copy current configuration for editing
chmod o+w config/     # give it world writable permissions





Next, open setup/ in your browser. Note that changes are not saved to disk until explicitly choose Save from the Configuration area of the screen. Normally the script saves the new to the config directory, but if the web server does not have the proper permissions you may see the error "Cannot load or save configuration" Ensure that the config directory exists and has the proper permissions or upload (via FTP or some similar means) to the proper location. Once the file has been saved, it must be moved out of the config directory and the permissions must be reset, again as a security measure:


mv config/ .         # move file to current directory
chmod o-rw          # remove world read and write permissions
rm -rf config                      # remove the unneeded directory


For Windows as in this case, just delete the config folder. Now the file is ready to be used. You can choose to review or edit the file with your favorite editor, if you prefer to set some advanced options which the setup script does not provide.

If you are using the auth_type "config", it is suggested that you protect the phpmyadmin installation directory because using config does not require a user to enter a password to access the phpmyadmin installation. Use of an alternate authentication method is recommended, for example with HTTP–AUTH in a .htaccess file or switch to using auth_type cookie or http.

Open the main phpmyadmin directory in your browser. phpmyadmin should now display a welcome screen and your databases, or a login dialog if using HTTP or cookie authentication mode. You should deny access to the ./libraries and ./setup/lib subfolders in your web server configuration.


The phpmyadmin libraries and setup subfolder


For Apache you can use supplied .htaccess file in that folder, for other webservers, you should configure this yourself. Such configuration prevents from possible path exposure and cross side scripting vulnerabilities that might happen to be found in that code. It is generally good idea to protect public phpmyadmin installation against access by robots as they usually cannot do anything good there. You can do this using robots.txt file in root of your webserver or limit access by web server configuration. You can find example .htaccess file which can help you achieve this in contrib directory in phpmyadmin.


the .htaccess file and phpmyadmin





< PHPMyAdmin 1 | Java and Opensource Friends | PHPMyAdmin 3 >





PHPMyAdmin 1 | PHPMyAdmin 2 | PHPMyAdmin 3 | PHPMyAdmin 4 | PHPMyAdmin 5 | PHPMyAdmin 6 | PHPMyAdmin 7 | Java and Opensource Friends