How in the world do I admin MySQL undel Plesk 7.5? I'm trying to configure user access to databases. I am running a domain on it's own IP (not main IP of box). While installing Miva Merchant, I don't have access to MySQL from my domain's IP. I know phpMyAdmin is on the server, but I can't figure out how to get to it.

I'm new to Plesk and Miva, so I'm at a bit of a loss.

Thanks for any help!
Aaron

Log into the Plesk Control Panel like normal Aaron. Then go to the domain name in question and click on the Databases icon. If the db is already set up, choose it and you'll see an icon for the built in version of phpMyAdmin.

just remember that the phpmyadmin interface is a pop-up, so add your plesk panel to your allow list and the tool should work.

if you want to manage all db's with 1 phpmyadmin u need to install it on a domain and use the username 'admin' and whatever the admin password is/was when plesk was installed.

Be careful with Gary's suggestion though.

Make sure you install the separate phpMyAdmin in a password protected directory and make doubley sure that access is limited only to those who have responsibility for running the server.

Two reasons. First, with that setup anyone with access will also be able to fiddle with the main PSA database, which can foobar Plesk in a heartbeat if they don't know what they're doing. Second, having access to everybody's database is a very dangerous thing with all sorts of security and fraud implications.

I ran across an (obviously amateur) design/hosting company doing exactly that once, without any password protection and phpMyAdmin installed in a very common phpmyadmin folder of a client web site. I found it completely by mistake. The guy was moving his site to a new server/host and wanted to make sure he didn't lose his own database and didn't trust the old host to do a dump since he was leaving them. Because they hadn't password protected anything and had the admin MySQL user built into phpMyAdmin, I could see every credit card number, cvv, customer name & address etc that had been stored for every e-commerce site on the server. Years of purchase history was sitting there in the open for anyone to happen across.

Needless to say, the potential for credit card fraud was very high for those 700,000+ credit card holders who had made a purchase from one of the 150 or so domains on the server with some sort of shopping cart installed. And this wasn't on any sort of admin domain. It was on a normal client's domain, which means they probably did the same thing for every other domain as well. All anybody had to do was point their browser to hisdomain.com/phpmyadmin and you were in. I was so freaked out by the lack of forethought that I didn't even look if you could do the same thing for all of those other domains!

Of course we had to report it to the authorities and CC companies because of the vast amount of exposure, which ended up closing down the design/hosting company. They were out of business in under two weeks. Sadly, I heard after the fact that several of the sites being hosted on that server also lost their merchant accounts, which basically put them out of business, even though it wasn't their fault the security hole had been opened.

Please remember that there are always security implications for both you and those you host when you open anything up as root or admin. Make sure you take those implications into very serious consideration before jumping into the fire.