So it’s great that we can load this up as part of the start up script for each virtual server, but there’s a few issues and perhaps improvements that cvan be made (is this the right place to suggest improvements ?)
If we are using phpmyadmin - there should also be a “open phpmyadmin” or “manage with phpmyadmin” button that gets created in the edit database virtualmin page (or allow us to create one!)
in the cpanel system, the phpmyadmin login defaults to the same username and password for the main virtual server - is there a way to easily achieve that in the phpmyadmin setup?
When setting the phpmyadmin password Automatically login to phpMyAdmin:Yes - this means it logs in without any authentication at all - making it publicly accessible - which is surely not a safe setting (without at least a warning!)
In cpanel, there are cpsess ids. Is that possible when allowing access to the external phpmyadmin ?
what features does phpmyadmin have that virtualmin does not? I never had the need to install phpmyadmin - the default GUI lets you create dbs, drop tables, or execute commands, import…
phpMyAdmin is very user friendly for the average user.
I use phpMyAdmin to:
Build SQL commands that I can then use in my software. i.e. I make the changes I want to the database and then once it is done I can copy the SQL and use it elsewhere. Very useful for building upgrade scripts.
I can browse the data in a grid layout
I can inline edit specific items in the rows by right clicking
change the table’s default collation
NB: Before anyone says I know you can effectively run everything from the Execute SQL button but this is not a GUI.
I have always been an advocate of embedding phpMyAdmin directly into Virtualmin ust like it is in cPanel, Ples and pretty much all of the other panels.
I understand some people like to use the in-built DB handler, but why re-invent the wheel.
We could probably add a link to the “Edit Databases” page to open phpMyAdmin for the domain user with a single click.
Like, we could call it “Manage in phpMyAdmin” when it’s installed, and place it next to “Manage” button. Or, have a single button in the top right of the table header.
PhpMyAdmin and perhaps roundcube should be installed centrally as this are an integral part of running a hosting company and should not be installed on a per account basis.
No, they shouldn’t. Separate instances are better for security and easier to support. If a virtual server doesn’t have phpMyAdmin installed, then they don’t want things managed with phpMyAdmin for whatever reason.
It will be authenticated with MariaDB domain user credentials.
Not every Virtualmin installation is used for public customer hosting. Many setups are private, internal, or single‑tenant, where phpMyAdmin or Roundcube would simply sit unused.
On several of my systems, installing both apps would be wasted disk space and additional attack surface for no benefit.
Bundling them system‑wide forces every admin to maintain two extra applications, even if they never use them. Auto‑updates are unreliable for both tools, and breakages often require manual intervention.
Enabling phpMyAdmin by default introduces a tool that many providers intentionally avoid:
– It gives inexperienced users access to a high‑impact administrative interface.
– It encourages unsafe habits. Query experimentation should happen in a controlled environment, not on a shared production host.
– Some companies explicitly forbid phpMyAdmin due to its long CVE history. This is true for many web apps, but phpMyAdmin and Roundcube appear frequently on vulnerability lists. just check phpMyAdmin CVE’s - RoundCube CVE’s - webmin CVE’s - virtualmin CVE’s
Virtualmin’s core purpose is web hosting management, not bundling development or database‑administration toolkits. phpMyAdmin especially falls outside that scope. Roundcube is more debatable, but still not universally needed.
Adding these tools by default also expands the Virtualmin/Webmin support burden: more packages to maintain, more security considerations, more user expectations, and more potential breakage paths.
A “one size fits all” approach doesn’t seem to match the diversity of Virtualmin deployments. Forcing everyone to run these tools just because some hosting companies want them is not a good baseline.
For those who do want centralized installations, a better approach might be an optional feature on the host’s default domain (e.g., serverXX.mycompany.tld) that installs and configures these tools in a controlled way. But even that risks becoming more complex than the current, simple model: install the app only on the domain that actually needs it.
Given all this, I would vote no on making phpMyAdmin or Roundcube system‑wide defaults. Optional, yes. Mandatory, no.
@Ilia The only thing not immediately clear to me is if this button shows up ONLY if phpMyAdmin/phpPgAdmin are installed? If not should there be an install link if they are absent?
I guess my non programmer thinking is what’s easiest? Fill in the button with one of the two choices or just leave it out if nothing is installed?
I do not understand the push back on this feature. Every major panel except for virtualmin does this.
Access to phpmyadmin can be controlled by permissions and in actual fact maintaining it is not an issue and the package manager can take care of this.
Just because it is installed centrally does not mean users have access. In the virtualmin user area is not user friendly so I would never give access anyway. This feature is for me so when I log into a users account I can quickly access and edit their databases without the need for root or my main admin account which prevents.me breaking stuff.
Perhaps a work around would be to allow setting a single app location for phpmyadmin so when a user clicks on the button to auto login. If this is not set, unless phpmyadmin is set in the users account this button will not exist.
Alright, it’s been implemented! It will require at least a top-level virtual server to have phpMyAdmin installed using “Manage Web Apps” page.
If you install it on a sub-server, it will use a sub-server instance of phpMyAdmin. This is because phpMyAdmin can be configured to have limited access to databases, even for the same database user. Rare, but possible, so keep this in mind.
Anyone wanting to try it now, apply the following patch:
This new feature to open the database in phpMyAdmin depends on existing Virtualmin permissions. If you allow a domain owner to edit databases, it will be available, as long as phpMyAdmin is installed for a top-level domain or a sub-server. If you don’t want them to use phpMyAdmin, just don’t allow web app installation access to domain owners or exclude phpMyAdmin entirely.
However, nothing stops them from installing it manually. If you give them access to “Edit Database” page, they can get the login and password for their database and use it manually.
Currently, installing it on a top-level server makes it available for that server and all sub-domains. If you want more control for each sub-server, just install it for that sub-server. The overhead is minimal, and it allows users to have their own instance of phpMyAdmin that they can configure any way they want.
