I just installed MySQL 4.1.0 on my local system. I started up WinMysqlAdmin and it prompted me for a username and password - nothing outside the norm there. Now, I go to install phpMyAdmin. I edit the config file - set the Control username and password. Then I go to the index.php page and it says I'm not allowed in. So I edit the config file and set the general username and password. Still says im not allowed in. I remove the password from the config file and it lets me in - BUT I can't create databases - not good. The only way it lets me do everything is if I set the username to root and the password to nothing. MAJOR security hole. Anyone else had this problem?

Can you help?

You might want to edit the user information with mysql instead of editing the config file. There are rights that go along with the user and my user works just fine. Also it is only a security risk if you dont have a firewall protecting your computer. With the mysql server and the website on the same machine there is no need to have the any outside access to mySQL.

Red :cool:

I just installed MySQL 4.1.0 on my local system. I started up WinMysqlAdmin and it prompted me for a username and password - nothing outside the norm there. Now, I go to install phpMyAdmin. I edit the config file - set the Control username and password. Then I go to the index.php page and it says I'm not allowed in. So I edit the config file and set the general username and password. Still says im not allowed in. I remove the password from the config file and it lets me in - BUT I can't create databases - not good. The only way it lets me do everything is if I set the username to root and the password to nothing. MAJOR security hole. Anyone else had this problem?

Can you help?

Well basically I want to be able to serve pages, and still have people come to them. So you are saying that if I dont allow access to port 3306 it shouldn't be a problem?

Thanks!

[EDIT] I also want to be able to use phpMyAdmin - so won't this be a problem if I the outside user doesn't have to enter a username and password?

So you want to allow others to access you mySQL Directly? If you want to allow others to access your server from outside then yes you will need that port available. Defining direct access...if some has mysqladmin installed in another location and would like to access your mySQL server then port 3306 must be open through the firewall. If you are using mysqladmin on the same machine as the mysql server is located then no you do not need port 3306 open through a firewall. Reason for that is that even though you may be in another location the program (phpmysqladmin) and the server (mySQL) are in the same location.

Hope that helps.
Red

Well basically I want to be able to serve pages, and still have people come to them. So you are saying that if I dont allow access to port 3306 it shouldn't be a problem?

Thanks!

[EDIT] I also want to be able to use phpMyAdmin - so won't this be a problem if I the outside user doesn't have to enter a username and password?

Well, basically, The only way phpMyAdmin works is if I specify root with no password, so anyone who happens to stumble upon the phpMyAdmin directory can edit the database. How do I fix that?

Once you get mysqladmin open you can go to the mysql database and then to the user table. You can either insert your self if you know all the right answers to the fields or you can set a password to root right there. Mine works. But I would not be too stressed over it because if it is on your machine and the firewall does not allow 3306, no one will be able to stumble on to it and access your data.

Red

When I use phpadmin I delete the index.php file and upload it only when I need to use it.
Another option is to use MySqlman (http://www.gossamer-threads.com/scripts/mysqlman/download.htm)