PostgreSQL | Installing phpPgAdmin
phpPgAdmin in action
phpPgAdmin is PostgreSQL's answer to the ever-popular
phpMyAdmin. It's a PHP-based web-frontend for administering PostgreSQL
databases - a serverside equivalent of pgAdmin III if you like.
Installation is very simple. The basic requirements are a PHP-enabled webserver, typically Apache, with PHP 4.1 or later, and access to a PostgreSQL server. In the following description I'm assuming a UNIXoid environment such as Linux or OS/X.
First, obtain the source code from the
phpPgAdmin download page.
RPM, Debian and Gentoo packages are available, but unless you particularly need one of these,
an installation from the source package is just as easy. It's just a matter of downloading
it in your preferred format -
packages are available as bz2
(ca. 500KB), gz
(ca. 700KB) and zip
(ca. 800KB) formats -
and unpacking the files in a directory somewhere accessible to your webserver.
If your PostgreSQL server is running on the same server as the webserver, phpPgAdmin's default
configuration will work "out-of-the-box"; if not, you'll need to edit the configuration file located
at conf/config.inc.php
. It should be self-explanatory. There's also a "backup" copy of the
installation file "conf/config.inc.php-dist
".
One problem which occurs quite often is the error message "Login disallowed for security reasons
",
which occurs when trying to login as a user with an empty password, a common situation on (presumably well-protected)
development machines. To enable this kind of login, set the option $conf['owned_only']
in
conf/config.inc.php
to true
.
If you're installing phpPgAdmin on a publicly accessible web server, it's a very good idea
to protect the phpPgAdmin directory with some kind of password protection, such as Apache's
AuthType Basic
. This will not only prevent the login page being indexed by
search engines (and thus providing an interesting attack vector), but also provides an additional
layer of security in the event that phpPgAdmin authentication vulnerablities are discovered. (Note that phpPgAdmin does include a robots.txt
file in
its root directory: this can only be effective if phpPgAdmin is installed
into the webserver's root directory; and in any case robots.txt
only has an advisory function and may not be obeyed by all search engines.
If extra login security is true, then logins via phpPgAdmin with no password or certain usernames (pgsql, postgres, root, administrator)
will be denied.