No more da account username for databases?

S

SupermanInNY

Verified User
Joined
Sep 28, 2004
Messages
419
Hi all,

Previously, I opened an account, say for example: testacct1 in DA.
Then, I'd add databases to it,.. and they all had a prefix for the user and database name:


DB NAME: testacct1_db1
USER NAME: testacct1_user1

DB NAME: testacct1_db2
USER NAME: testacct1_user2


etc.

When I go to the phpMyAdmin, I would use the DA username: testacct1 and the password of my DA account.

Now.. on new servers,.. I can't do that.
I just migrated from CentOS 7 to AlmaLinux 9 and also from CentOS 7 to Ubuntu 22.04

Both have mysql 8

When I restore,. I see there are TWO users for each database.
If I use the above example:


DB NAME: testacct1_db1
USER NAME: testacct1_user1
USERNAME: testacct1


DB NAME: testacct1_db2
USER NAME: testacct1_user2
USERNAME: testacct1


But, when I add a NEW database, it adds only:

DB NAME: testacct1_db3
USER NAME: testacct1_user3

so I'm thinking.. OK.. I'll add the username from the dropdown list,... but the testacct1 just on its own.. doesn't exists there.

Is this a bug?
 
The workaround that I'm using for now.. which brings me to the same solution is to add a NEW user that I create and then I add it manually to all the databases.

Just adding the user:
USER NAME: testacct1_all manually to all the databases and then login in with USER NAME: testacct1_all, I can then see all the databases in the same way.
 
SupermanInNY said:
The workaround that I'm using for now.. which brings me to the same solution is to add a NEW user that I create and then I add it manually to all the databases.

Just adding the user:
USER NAME: testacct1_all manually to all the databases and then login in with USER NAME: testacct1_all, I can then see all the databases in the same way.
Click to expand...

Then if that one database user is compromised then all of your databases can be deleted. I know its convenient but a huge security risk.
 
floyd said:
Then if that one database user is compromised then all of your databases can be deleted. I know its convenient but a huge security risk.
Click to expand...
Need to have the option to view all the databases of a single user in the phpMyAdmin.
That's the only way to do it that I know.
Either way,. that's up to the user's desicion and he is responsible for his own activity.
This username is not used in the config files of the PHP files, so it is just like someone has your DA account credentials. How else is it different?
 
SupermanInNY said:
so it is just like someone has your DA account credentials. How else is it different?
Click to expand...

True, that would be a lot worse. I am just pointing out the security risks and why DA stopped doing it. If someone wants to compromise their security it is up to them. But they should know that they are indeed compromising security.
 
So... issue resolved with understanding of the new way that DA is implementing the security - which is good - separting the DA user (ssh/ftp) from the mysql user. Giving a little more control for the user to decide if he wants to have a shared (secret user) for his phpMyAdmin.
 
To make it easier we are now turning ON PhpMyAdmin password-less integration by default. This ensures users can easily access PhpMyAdmin by only knowing the account password directly from the DA UI. And it is no longer possible to try using account password when configuring website access to the DB.

Using PhpMyAdmin SSO option should remove the need of having a single account that has access to all databases.
 
fln said:
To make it easier we are now turning ON PhpMyAdmin password-less integration by default. This ensures users can easily access PhpMyAdmin by only knowing the account password directly from the DA UI. And it is no longer possible to try using account password when configuring website access to the DB.

Using PhpMyAdmin SSO option should remove the need of having a single account that has access to all databases.
Click to expand...
How do I set this in the new server I just created?
 
If you are running DA 1.666 and have not explicitly disabled it, then it should be enabled by default.

For older DA versions it can be enabled by updating a config flag and re-installing phpmyadmin:

Code: 
da config-set one_click_pma_login 1 --restart
da build phpmyadmin
 
You must log in or register to reply here.
Back
Top