should i be using phpmyadmin?

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
User avatar
Obadiah
Forum Regular
Posts: 580
Joined: Mon Jul 31, 2006 9:13 am
Location: Ashland, KY
Contact:

should i be using phpmyadmin?

Post by Obadiah »

Hi guys, I had to build a audit program for work that carries alot of sensitive information, it only has text stored in it at the moment, however im concerened because i have read several places that phpmyadmin cannot hold large databases. Is there anything else out there I can use besides access. I would kinda like to stick to the mysql side of things. nothing has happened yet....but i like to have a backup plan before things does happen.
User avatar
prefer32bits
Forum Newbie
Posts: 10
Joined: Sat Jan 01, 2011 11:55 pm
Location: San Jose, CA

Re: should i be using phpmyadmin?

Post by prefer32bits »

PHPMyAdmin is just a PHP program that aids in managing MySQL databases. It dosen't "hold" databases. So it is safe. Just hash your data.
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: should i be using phpmyadmin?

Post by califdon »

Security depends on the environment in which this database operates. Is it on an internal network? What is your backup strategy? How secure is the physical environment? Are you going to use encryption to store sensitive data? How many people will have access to the data? How will they be authenticated? PHPMyAdmin is a tool for the database administrator to use; it should not be considered as software for users to use the database. If this is truly sensitive information, you need to have an experienced database developer design a secure application for you. (Disclaimer: I am not a security expert.)
User avatar
Obadiah
Forum Regular
Posts: 580
Joined: Mon Jul 31, 2006 9:13 am
Location: Ashland, KY
Contact:

Re: should i be using phpmyadmin?

Post by Obadiah »

its not the security im bothered with. the only sensitive information in it is the passwords and yes they are being hashed. it is an audit program that holds percentages that the VP's will review. but each record has some 40 columes in it and it is to be used by 70+ departments weekly and/or monthly. i just wanna make sure im not gonna loose any data becase they need to be able to look at the past years data. The table holding the data has an auto incrementing field that it wouldnot let me set the value above 255...so i am a bit nervous...i never really had to upkeep a database...i never had to worry about this before
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: should i be using phpmyadmin?

Post by califdon »

Obadiah wrote:its not the security im bothered with. the only sensitive information in it is the passwords and yes they are being hashed. it is an audit program that holds percentages that the VP's will review. but each record has some 40 columes in it and it is to be used by 70+ departments weekly and/or monthly. i just wanna make sure im not gonna loose any data becase they need to be able to look at the past years data. The table holding the data has an auto incrementing field that it wouldnot let me set the value above 255...so i am a bit nervous...i never really had to upkeep a database...i never had to worry about this before
Your description doesn't sound like it's a particularly large database. If you are using MySQL, the normal field type would be an Unsigned INT, giving you over 4 billion as an upper limit. If your auto-increment field is limited to 255, the field type is terribly wrong.

So I'm not sure what your question really is. It sounds like you are worried about data corruption. That's a matter of application programs design and a disciplined backup routine. Does your organization have an IT department or at least a technician?

As was said previously, phpMyAdmin is a database administrator's maintenance tool, it is not suitable for users to routinely access data. That should always be done by custom PHP scripts or the equivalent.
User avatar
Obadiah
Forum Regular
Posts: 580
Joined: Mon Jul 31, 2006 9:13 am
Location: Ashland, KY
Contact:

Re: should i be using phpmyadmin?

Post by Obadiah »

OK....I appologize if i have been vague. I work in the IT department in my company. I have desiged a website in php/mysql that allows users to enter monthy and weekly data. In one of the tables in my database there is a column i named "num" it is the primary key set to auto increment everytime a user enters data in the website. It only allows me to enter 255 in the length/value. will this be an issue. will it store more than 255 records...or does 255 mean a number 255 charecters long. also, about phpmyadmin i know its a gui tool of types but as precautionary methods what are some things that I can do to prevent loss of data.
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: should i be using phpmyadmin?

Post by califdon »

Ah! No, the 255 refers to the length of the field; that should be reduced to, say, 10 or 11. When creating a table, there is never a reference to the number of records the table can store.

You will want to use phpMyAdmin when you are creating or modifying your database, and perhaps doing some ad hoc queries to gather information used in administering the database, such as searching for corrupted data. You definitely should NOT plan to allow users to use that development tool. Users should interface with your database through PHP (assuming you are using Apache web server) scripts that present user-friendly screens and data entry forms and incorporate whatever security controls you deem necessary. If this interface is desired to be available over the Internet, your security concerns will be much higher than if it is only going to be used on a local network. But in all cases, the security is primarily a matter of the application scripts. This is a very large topic and the subject of many books, and we have a separate forum here for PHP - Security, if you have any questions about this.
AGISB
Forum Contributor
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Re: should i be using phpmyadmin?

Post by AGISB »

Obadiah wrote:OK....I appologize if i have been vague. I work in the IT department in my company. I have desiged a website in php/mysql that allows users to enter monthy and weekly data. In one of the tables in my database there is a column i named "num" it is the primary key set to auto increment everytime a user enters data in the website. It only allows me to enter 255 in the length/value. will this be an issue. will it store more than 255 records...or does 255 mean a number 255 charecters long. also, about phpmyadmin i know its a gui tool of types but as precautionary methods what are some things that I can do to prevent loss of data.
I really hope that this data is only accessable by Intranet, because I fear for the security of that application when I see the lack of database understanding ... you should really look into it deeper than asking at a forum.

The 'num' field should be INT and the lenght table can be left out as INT will choose its own lenght when created. You should choose unsigned as well as you probably don't need negative values. INT will store 4294967295 entries in the database which should be enough. You can choose BIG INT which stores 18446744073709551615 entries but you might have problems accessing those with php.
User avatar
Obadiah
Forum Regular
Posts: 580
Joined: Mon Jul 31, 2006 9:13 am
Location: Ashland, KY
Contact:

Re: should i be using phpmyadmin?

Post by Obadiah »

AGISB wrote:
Obadiah wrote:OK....I appologize if i have been vague. I work in the IT department in my company. I have desiged a website in php/mysql that allows users to enter monthy and weekly data. In one of the tables in my database there is a column i named "num" it is the primary key set to auto increment everytime a user enters data in the website. It only allows me to enter 255 in the length/value. will this be an issue. will it store more than 255 records...or does 255 mean a number 255 charecters long. also, about phpmyadmin i know its a gui tool of types but as precautionary methods what are some things that I can do to prevent loss of data.
I really hope that this data is only accessable by Intranet, because I fear for the security of that application when I see the lack of database understanding ... you should really look into it deeper than asking at a forum.

The 'num' field should be INT and the lenght table can be left out as INT will choose its own lenght when created. You should choose unsigned as well as you probably don't need negative values. INT will store 4294967295 entries in the database which should be enough. You can choose BIG INT which stores 18446744073709551615 entries but you might have problems accessing those with php.

i use xampp, Its really user friendly even for those of us who dont understand much about the dbamin side of things and has a page that helps you to secure it. I have made several websites and have had no issue with security. I know that the only way the user is to interact with the DB is through the use of your php scripts and that those queries need to be sanitized. I have done that. I have been working with php for a while now. I only had a question as to why phpmyadmin int value length only allowed a number of 255 as a biggest number and if that number was the actual number it incremented to since its required that you put one there. I have researched much about phpmyadmin and know it is only a tool not sql itself which can be also accessed from CMD. I was only wanting to and still wish to expand my knowlegedge and get some direction from a great community, one that i visit quite often. I have learned much here and always eager to learn more :)
User avatar
Obadiah
Forum Regular
Posts: 580
Joined: Mon Jul 31, 2006 9:13 am
Location: Ashland, KY
Contact:

Re: should i be using phpmyadmin?

Post by Obadiah »

califdon wrote:Ah! No, the 255 refers to the length of the field; that should be reduced to, say, 10 or 11. When creating a table, there is never a reference to the number of records the table can store.

You will want to use phpMyAdmin when you are creating or modifying your database, and perhaps doing some ad hoc queries to gather information used in administering the database, such as searching for corrupted data. You definitely should NOT plan to allow users to use that development tool. Users should interface with your database through PHP (assuming you are using Apache web server) scripts that present user-friendly screens and data entry forms and incorporate whatever security controls you deem necessary. If this interface is desired to be available over the Internet, your security concerns will be much higher than if it is only going to be used on a local network. But in all cases, the security is primarily a matter of the application scripts. This is a very large topic and the subject of many books, and we have a separate forum here for PHP - Security, if you have any questions about this.
califdon your awsome....i miss the old days of having fun, using aol speek only to bother feyd and getting him to delete and move around messages :lol: but but back on topic...the users do not have direct access to the db...they do not even know a db exist. The end user puts in a username and a password and presses enter and upon login like magic their information apears...to the unaware user its "the gods grace" to us its simple "slight of script"...i will look into the security forum to be sure im taking good measures though. By the way...i saw everah on the other day, but where is pimptastic, spacegoat, twigglematic and the gang...and what happened to feyd?
Post Reply