I am following guidelines in the book, Build your own Database Driven web site using PHP & MySQL. I downloaded WAMP and successfully set up WAMP Server. The PHP is working well on localhost. Now I’m trying to connect a database.
phpMyAdmin is giving me a warnng message, “Your configuration file contains settings (root with no password) that coorespond to the default MySqL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole.”
I have tried changing the password as described in the text (using mysqladmin in a command window) and the result is that phpMyAdmin blows up and errors. I have undone this and tried setting the MySQL privileges in phpMyAdmin and it also errors and won’t open properly.
How do I set privileges properly? This is a desktop development server only, but I will have to deal with this when I load to the production server as well.
Run this script and post the versions output (it basically identifies the versions of Apache, MySQL and PHP that your using:
<?php
$apache_version = $_SERVER['SERVER_SOFTWARE'];
$php_version = phpversion();
$link = mysqli_connect("localhost", "db_user_name", "db_password");
$mysql_server_version = mysqli_get_server_info($link);
echo "
<p>Apache (Version: $apache_version) is running the following versions of PHP and MySQL:</br>
PHP: $php_version</br>
MySQL: $mysql_server_version</p>
";
?>
Substitute db_user_name and db_password for the relevant values. If it connects ok to MySQL and tells you what version of MySQL server your running then the next step will be to check what username and password phpMyAdmin is using to try to connect to MySQL.
Apache (Version: Apache/2.2.8 (Win32) PHP/5.2.6) is running the following versions of PHP and MySQL:
PHP: 5.2.6
MySQL: 5.0.51b-community-nt
The connection seems to be working and I can connect to a database locally, but the root has no password and I can’t figure out how to set one through phpMyAdmin or mysqladmin.
My privileges look like the below. I set up a user and password but couldn’t change the root and other default users.
On my own server I have a user for each app and a user for myself. I deleted all the root and Any users. phpMyAdmin keeps the user and password it uses in the php file config.inc.php Before you delete either the root or any users you should have sure that you have an all privilages user for accessing phpMyAdmin.
For your local test environment that message can be ignored provided that you don’t allow access to the database from outside of your local network.
If you only have the one computer then provided you don’t allow remote access to the database server the database is only accessible from your computer regardless of what user/passwords you have set up.
Sounds good. I don’t really need to worry about security issues during development. I am going to try and delete the other default users but I will make sure I’ve identified all the confiiguration files first.
Will check back after I’ve worked with it some more.
