phpMyAdmin on localhost without username and password

How to configure phpMyAdmin with automatic login by setting auth_type to config.

457 views
d

By. Jacob

Edited: 2022-08-15 09:29

A really cool feature of phpMyAdmin is that you can configure it so it automatically logs in. Of course this is normally a security liability in a live environment, but it is incredibly useful for a localized test environment in a Docker- or VM container, whereas on production you would need to add IP restriction or similar security precaution first.

Tip. If you are in a live production environment, instead of publishing the subdomain hosting phpMyAdmin in the public DNS, you can just edit your own local /etc/host file. This way it becomes less obvious that you have phpMyAdmin installed, and a potential attacker will have to guess the correct subdomain. But, you should of course still restrict IP access in live environments..

In order to configure phpMyAdmin so it does not need a username and password, all we have to do is the following:

1. copy or rename the config.sample.inc.php file, located in phpMyAdmin's root (the installation folder). E.g. (/var/www/phpmyadmin/). Personally I prefer to install phpmyadmin in its own folder and have it on a seperate host or subdomain.

Navigate to phpMyAdmin's root folder. E.g.: cd /var/www/phpmyadmin, and then:

cp config.sample.inc.php config.inc.php

The configuration file is now active, and you should not have to reload your web-server or php-fpm.

2. Edit the config.inc.php file, and make sure it contains the following:

/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'config';
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';

The configuration should become active immediately when you reload your browser window. E.g: http://phpmyadmin/

Some of the options may be present already, but likely commented out. Unfortunately, phpMyAdmin's default config file lacks a few options and comments explaining how to do this, but hopefully this article makes it more clear what to do.

The important parts to pay attention to here are the auth_type and of course user and password; the default auth_type is cookie, but the annoying thing about this is that we need to login, and not least that it will expire in a short period of time, calling us to login yet again. Of cause the expiration time can also be modified, but I think it is way cooler to make phpMyAdmin automatically login.

Also note this must be added in the $cfg['Servers'] configuration array.

If you for some reason can not get the root user to login, you may need to create an extra database user. Read this article to find out how: Create New Users and Grant Privileges

phpMyAdmin will work for both MariaDB and MySQL.

Tell us what you think:

  1. Configuring the blowfish_secret secret passphrase with phpMyAdmin.

More in: phpMyAdmin