phpMyAdmin Block Access to Single Database

Question

I want to restrict access to a single database in phpMyAdmin. Is this possible? I am making a application that will be installed on client PC and will work in local server. I want to restrict others viewing the database and tables.

Or is it possible someway through .htaccess as database name is passed onto URL -

http://localhost/phpmyadmin/#PMAURL-4:index.php?db=dbname&table=&server=1&target=&token=457a0c4ec42cbe72f72786efa1aaf530

Answer 1

I'd suggest use MySQL permissions to restrict the user from seeing the other databases. When you create the user for your application, don't select any global privileges (on the first screen when creating/editing a user). If you're creating the user, you'll be taken back to the Users screen where you should click Edit Privileges (if you're editing an existing user, just scroll down a bit). Halfway down the Edit Privileges page for your user, you'll see "Database-specific privileges". Select your database from the dropdown and then edit their privileges on the resulting page.

This way, you'll use the MySQL privilege system to restrict the users to only accessing the database you want them to use. Restrictions based on blocking the phpMyAdmin URL are incomplete and give a false sense of security (because SQL queries can still access the other databases, the other databases are shown, and even some phpMyAdmin options will allow the user to interact with those databases), not to mention the extreme user un-friendliness that happens when you block their attempted action without explaining why (as would happen if you rewrote or redirected based on the URL).

Answer 2

You can block it by putting this rule on top of phpmyadmin/.htaccess:

RewriteEngine On

RewriteCond %{QUERY_STRING} (^|&)db=dbname(&|$) [NC]
RewriteRule ^ - [F]

But there might be other ways of blocking access to this DB by changing user permissions directly in MySQL database also.