I’ve been strugling to get my head around configuring phpmyadmin for a multiuser setup. For one thing I don’t want users to enable ‘statistics’ through phpmyadmin ’cause it generates to much traffic between the phpmyadmin server and our mysql backend server. I also want to hide mysql variables and phpmyadmin ‘status’ tab mainly because of security .
I phpmyadmin theres a ./libraries/server_links.inc.php file where you can comment out the code related to the tabs ‘databases’, ‘status’ and ‘vars’ tab’s.
/** * Displays tab links */ $tabs = array(); /*$tabs['databases']['icon'] = 's_db.png'; $tabs['databases']['link'] = 'server_databases.php'; $tabs['databases']['text'] = $strDatabases;*/ $tabs['sql']['icon'] = 'b_sql.png'; $tabs['sql']['link'] = 'server_sql.php'; $tabs['sql']['text'] = $strSQL; /*$tabs['status']['icon'] = 's_status.png'; $tabs['status']['link'] = 'server_status.php'; $tabs['status']['text'] = $strStatus;*/ /*$tabs['vars']['icon'] = 's_vars.png'; $tabs['vars']['link'] = 'server_variables.php'; $tabs['vars']['text'] = $strServerTabVariables;*/ $tabs['charset']['icon'] = 's_asci.png'; $tabs['charset']['link'] = 'server_collations.php'; $tabs['charset']['text'] = $strCharsets; $tabs['engine']['icon'] = 'b_engine.png'; $tabs['engine']['link'] = 'server_engines.php'; $tabs['engine']['text'] = $strEngines; [ ... ]
Now those tab’s are hidden, but for hack’ish users, they can probably call for instance server_databases.php directly, so I’ve removed those files entirely from the phpmyadmin webroot ..
Note: According to wiki.phpmyadmin.net I should be able to disable the ‘statistics’ link with
$cfg['ShowStats'] = FALSE;
in config.inc.php, but in my setup with phpmyadmin 3.3.9 I just couldn’t make that happen.
You can insert a simple if statement ..like this:
if ($is_superuser) {
$tabs[‘status’][‘icon’] = ‘s_status.png’;
$tabs[‘status’][‘link’] = ‘server_status.php’;
$tabs[‘status’][‘text’] = $strStatus;
}
Bye..
ah, cheers for the input ! 🙂