Phpmyadmin and hiding ‘stuff’

I’ve been strugling to get my head around configuring phpmyadmin for a multiuser setup. For one thing I don’t want users to enable ‘statistics’ through phpmyadmin ’cause it generates to much traffic between the phpmyadmin server and our mysql backend server. I also want to hide mysql variables and phpmyadmin ‘status’ tab mainly because of security .
I phpmyadmin theres a ./libraries/server_links.inc.php file where you can comment out the code related to the tabs ‘databases’, ‘status’ and ‘vars’ tab’s.


/**
 * Displays tab links
 */
$tabs = array();

/*$tabs['databases']['icon'] = 's_db.png';
$tabs['databases']['link'] = 'server_databases.php';
$tabs['databases']['text'] = $strDatabases;*/

$tabs['sql']['icon'] = 'b_sql.png';
$tabs['sql']['link'] = 'server_sql.php';
$tabs['sql']['text'] = $strSQL;

/*$tabs['status']['icon'] = 's_status.png';
$tabs['status']['link'] = 'server_status.php';
$tabs['status']['text'] = $strStatus;*/

/*$tabs['vars']['icon'] = 's_vars.png';
$tabs['vars']['link'] = 'server_variables.php';
$tabs['vars']['text'] = $strServerTabVariables;*/

$tabs['charset']['icon'] = 's_asci.png';
$tabs['charset']['link'] = 'server_collations.php';
$tabs['charset']['text'] = $strCharsets;

$tabs['engine']['icon'] = 'b_engine.png';
$tabs['engine']['link'] = 'server_engines.php';
$tabs['engine']['text'] = $strEngines;
[ ... ]

Now those tab’s are hidden, but for hack’ish users, they can probably call for instance server_databases.php directly, so I’ve removed those files entirely from the phpmyadmin webroot ..
Note: According to wiki.phpmyadmin.net I should be able to disable the ‘statistics’ link with

$cfg['ShowStats']             = FALSE;

in config.inc.php, but in my setup with phpmyadmin 3.3.9 I just couldn’t make that happen.

2 comments on “Phpmyadmin and hiding ‘stuff’

  1. Amedeo Rinaldo March 1, 2012 7:37 am

    You can insert a simple if statement ..like this:

    if ($is_superuser) {
    $tabs[‘status’][‘icon’] = ‘s_status.png’;
    $tabs[‘status’][‘link’] = ‘server_status.php’;
    $tabs[‘status’][‘text’] = $strStatus;
    }

    Bye..

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>