Are you a fan of phpMyAdmin or Adminer TYPO3 extension? Or, Are you new in the TYPO3 world and want to access databases? In this article, you’ll learn why you must avoid TYPO3 extensions (e.g., EXT.phpmyadmin) and adapt a better way to access your TYPO3 MySQL database. Keep reading!
TYPO3 security team was excited and wanted to be sure about security - Especially TYPO3 extensions- because one of the significant reasons to hack TYPO3 CMS. And that’s how I got the idea to write this microblog. According to the TYPO3 security team, it’s bad practice to install and configure any database management extension within production TYPO3 websites.
My dear TYPO3 reader, please don’t get me wrong; this blog does not mean EXT.phpMyAdmin or EXT.adminer are harmful TYPO3 extensions. In real-time practice, Traditional TYPO3 developers may find it helpful to save time, local development, etc. We appreciate the contribution of Andreas Beutel from Mehrwert and Jigal van Hemert to develop and maintain EXT.phpmyadmin & EXT.t3adminer TYPO3 extension.
Modern TYPO3 developers should use Docker and DDEV to configure TYPO3 instances at local development. I’d recommend reading 8 Best TYPO3 Docker Development Approaches and How to Install TYPO3 Docker & DDEV.
In my research, what I found; Surprisingly, TYPO3 people love such 3rd party database management TYPO3 extensions. Here are the facts;
- phpMyAdmin TYPO3 extension download - 290000+ times
- t3adminer TYPO3 extension download - 56000+ times
But there are good things too. Can you believe this; people also created & used the “Uninstall TYPO3 phpMyAdmin extension” TYPO3 extension to remove the phpMyAdmin application automatically - I think some TYPO3 people are earnest about the security of TYPO3 ;)
To be honest, we never use adminer or phpmyadmin kind of TYPO3 extension at our customers' projects. But while exploring one of the old projects of a customer, I found the TYPO3 security team wrote warning notes for extensions like EXT.phpmyadmin and EXT.adminer.
Warning for phpMyAdmin - by TYPO3 Security Team
So, the question is, why should we not use TYPO3 database management tools as TYPO3 extensions like phpMyAdmin and Adminer? Here are the reasons;
Security Report of phpMyAdmin Application
TYPO3 Security Vulnerability
You know what; TYPO3 core is secure primarily; the TYPO3 extensions are always the main reason for security vulnerabilities. In the history of TYPO3 security, critical extensions like phpMyAdmin or Adminer cause serious security damage to the TYPO3 CMS. Because phpMyAdmin is a world-wide popular PHP/MySQL application, it’s easy for hackers to crack it.
TYPO3 Data Security
Whenever you install and configure the phpMyAdmin TYPO3 extension, it will be accessible for TYPO3 users like administrators. I think it's not good practice to provide complete database access to such users - it's a data security issue.
Remove Unwanted TYPO3 Extension
In a real case, phpMyAdmin TYPO3 extension used as temporary by the TYPO3 people - I think that’s fine. But, who will care to make sure it’s uninstalled after your work is done ;)
Here I want to provide you with a list of alternative ways to access your TYPO3 database.
Install Your Dedicated phpMyAdmin or Adminer Application
If you are using MySQL database for your TYPO3 instance, It’s good to install and configure the phpMyAdmin or Adminer application on your server. And, make sure to set the 2nd layer .htaccess password protected ;) In this way, based on roles and responsibilities - your team can have access to the MySQL databases.
Use Database Application Provided By Your Hosters
Mainly your server guys provide dedicated database management applications, and it’s a good idea to keep using them to be more secure ;)
Top 8 Database Tools To Access TYPO3
Apart from the phpMyAdmin application, many database application tools are available to access your TYPO3 MySQL database.
Free multi-platform database tool for developers, database administrators, analysts, and all people who need to work with databases.
Sequel Pro is a fast, easy-to-use Mac database management application for working with MySQL databases.
MySQL Workbench provides DBAs and developers with an integrated tools environment for Database Design & Modeling, SQL Development, Database Administration, Database Migration.
dbForge Studio for MySQL is a universal GUI tool for MySQL and MariaDB database development, management, and administration.
HeidiSQL is free software and has the aim to be easy to learn. "Heidi" lets you see and edit data and structures from computers running one of the database systems MariaDB, MySQL, Microsoft SQL, PostgreSQL, and SQLite.
Toad Edge for MySQL provides a toolset for database development and administration with features such as schema comparison and synchronization, SQL query monitor, robust data import and export, database snapshot creation, advanced JSON editor, and more.
Navicat Monitor 2
Navicat Monitor, the agentless database server instance monitoring tool for MySQL and MariaDB recently added support for SQL Server.
DataGrip by JetBrain (PHPStorm)
Meet DataGrip, a new database IDE that is tailored to suit the specific needs of professional SQL developers.
Access At Your SSH Command-Line
If you are CLI-lovers, you can access and execute your TYPO3 database from CLI as below.
MySQL (from MariaDB 10.4.6, also called MariaDB) is a simple SQL shell (with GNU readline capabilities). It supports interactive and non-interactive use.
MyCLI is a command-line interface for MySQL, MariaDB, and Percona with auto-completion and syntax highlighting.
Thanks for reading the TYPO3 article. I hope you found it helpful.
In simple words, to be secure, Please try to avoid any third-party database management TYPO3 extensions at least in live/production TYPO3 websites. Do you know any better ways to access the TYPO3 database? I'll be happy to receive your suggestion in the comment box.
Be Safe and Secure TYPO3!