I'm having some problems with phpMyAdmin. I'm going to describe them all in a single message because at this point I don't know if they're related or not.
First: I found that the phpMyAdmin packaged with XAMPP has no support for password protection. When it was pointed out to me that this is intentional, I replaced that version with a standard one.
Before I did that, however, I found myself in a situation where my databases were password protected, but phpMyAdmin was quite happy to go into all of them without a password. Later, while I was trying to solve the problem I'll describe next, this ceased to happen. Now the packaged version of phpMyAdmin doesn't work at all, since it can't prompt me to enter the passwords it needs. That's what should have happened all along, so I don't consider it a problem.
But the fact that XAMPP's phpMyAdmin was able to access password-protected databases without a password is a very big problem. Until I understand why it happened, I can't predict whether it may happen again.
- If the system was in a transitional state (e.g., the passwords hadn't been propagated to someplace where they needed to go), I can heave a sigh of relief and thank my stars that the transition is complete.
If XAMPP built some kind of trapdoor into MySQL for the convenience of phpMyAdmin, that's an unacceptable security risk. I need to remove XAMPP's version of MySQL and install a secure one.
If XAMPP's phpMyAdmin takes advantage of a trapdoor in an unmodified version of MySQL, that is even more serious. I need to find a version of MySQL that does not have the trapdoor, or if there is none, I need to report it to the MySQL project as a security-related bug.
Second: in the course of this work I found that when I start Apache through the XAMPP Control Panel, two httpd processes appear in Windows Task Manager. When I stop Apache, both go away. Is this normal? It looks very odd to me, and I saw some error messages which suggested that one of them was interfering with the other.
Third: I've found that there's something magical about the pathname localhost/phpmyadmin -- and not in a good way. If XAMPP's original version of phpMyAdmin is in that location, it runs. (It doesn't work now because of the password protection, but it tries.) If I put the standard version in there, my browser returns an "Object Not Found" page. But if I then change the name of the directory to phpm, or phpmyadmi, or phpmyadminn, or anything except phpmyadmin, it works.
I thought this might be a caching problem, but it doesn't appear to be. I tried using a different brand of browser; it made no difference. I tried clearing my standard browser's cache, then simultaneously closing and reopening the browser and stopping and restarting Apache; that also made no difference.
Ie looked in httpd.conf for some command that might be telling it treat phpadmin specially; I found nothing.
Not being able to run phpMyAdmin from a directory named phpmyadmin is a minor irritation, but I need to know what is happening so that I can know what is not happening. Is this oddity the only forewarning I will get of some problem that will cripple the whole development environment later, when I depend on it? Until I know it isn't, I can't trust the environment at all.