Hacker News new | past | comments | ask | show | jobs | submit login
Adminer: Database management in a single PHP file (github.com/vrana)
66 points by lsferreira42 on May 30, 2022 | hide | past | favorite | 29 comments



It's wonderful tool and has simplified workflows for many, just be mindful of its one giant security implication. Should your database credentials ever leak in any way (lost/stolen property, incorrect git commit, screencasting mishap, ...), having an Adminer/phpMyAdmin instance running on an otherwise unrestricted address, you're opening up (quite literally) your server to a world of trouble.

(I speak from experience. I've seen a lot of credentials leak together with source code. This meant I saw "secret" paths where Adminer was hosted on a given site. Having database credentials meant I didn't have to somehow circumvent network security to get to the database itself. [Yes, I disclosed all of this to the server operator and even got a measly $50 gift card out of it :-)])


Yeah, at previous jobs there has been a db.devopsdomain.com (etc) which acted like a bastion into the network from which you could connect with DB credentials to the actual databases.

It's convenient I will say that. I've tried not to replicate this exactly and instead have adminer running on a server on the network but only listening to localhost connections. To get access to it you can then SSH tunnel the ports locally:

> # Route 8082 on your machine to localhost:8080 on the server: > ssh -N -L 8082:localhost:8080 db.devopsdomain.com


I've found the biggest issue with this is that people forget they've deployed it. It just gets left there until it's sufficiently out of date that a security issue pops up.

https://www.cvedetails.com/vulnerability-list/vendor_id-1775...


As a non-native, I keep parsing the name as "ad-miner" which makes it distinctively non-interesting, heh.

I guess it's supposed to be read as "admin-er", i.e. a thing that admins but I just keep failing. :)


All my life I've been calling it ad-miner!! It never once struck me as admin-er!! You learn something new everyday!


I'm a native speaker and I parsed it exactly as 'ad-miner' until I saw your note.


I'm using it for at least last 6 years. I completely ditched PHPMyAdmin in favor of Adminer. An excellent light weight tool that can run wherever there's PHP running. Just one file (two if you like themes like me) and it's working.


phpmyadmin is terrible. Extremely complicated for most workflows, clicking the back button takes you to a random page, etc. adminer is a blessing.


There seems enough competitors when this looks like a tool from 20 years ago with limited functionality.

If you somehow do not use the obvious GUI tools like TablePlus, Postico or SequelAce but prefer web based, there are some that actually look modern.

https://www.getmotoradmin.com/

https://www.nocodb.com/

For readonly usage, Redash and Metabase are good.


> There seems enough competitors when this looks like a tool from 20 years ago with limited functionality.

This perhaps misses the point: the beauty of Adminer is that it works as a single PHP file that you can deploy in a shared hosting environment.

While the other linked tools are really cool, they have completely different goals: a low-code/no-code approach to working with data, instead of managing a MySQL/MariaDB instance when you don't have access to the DB server, the server refuses "remote" connections, you don't have SSH access for tunneling or want to do management through a web based interface instead of something like DataGrip, MySQL Workbench or even the CLI.

Though if someone really liked Motor Admin or NocoDB, there are a lot of great (self-hostable) Airtable alternatives out there as well, some of which are listed here: https://alternativeto.net/software/airtable/?platform=self-h...

I could have sworn that there was another list on GitHub of similar tools as well, in the style of https://github.com/awesome-selfhosted/awesome-selfhosted though.


Pretty sure that while both alternatives looks more modern, they targets whole different audience. Adminer is fast, simple and easy to deploy when you need accessing SQL based DB (ok, there is sibling project Adminer Editor for making fast CRUD interfaces defined by php code).

Both project you listed is for creating apps over your data without reinventing whole backend. They look cool and are definitely more powerful, but you have to deploy them (try to do that on shared web hosting). Again, whole different use-cases.


I think you're missing the point of Adminer even if it's part of the title. The tools you mentioned require Heroku or Docker, definitely not equivalent to "let me ftp this file up to this shared hosting"

If I have SSH access to an SQL server, there are even better native applications that can run locally.


@mekster : thank you for the mention.

NocoDB : is a single javascript file.

https://github.com/nocodb/nocodb-seed/blob/main/index.js

(disclaimer : Founder here)


10 lines ;)

It loads Express and the Noco modules.


A http-server like express is a basic necessity.. edited though :)


I can't figure out whether you simply don't understand why a single PHP file makes deploying easy, or whether you're purposefully misinterpreting things in an attempt to push your product.


Adminer has got me out of a jam many times, i tend to use it when i've had restricted access to the database somehow and just need quick and least hassle one-time access. Its a great tool to have in your toolbelt.


I got so fed up with phpmyadmin, I wrote my own version of this kind of thing. It's not one file though, and only satisfies my specific use cases (although it can browse/search tables, create, edit and delete databases, tables and keys). PHPMyAdmin is so aggressively awful. Writing my own thing for it, I was most surprised by how slow it is. I figured it was just innate to the queries being run to display the metadata required, but nope, my own tool turned out to be way faster.

I also really hate that it doesn't support opening new tabs properly, and the frame-sidebar table listing that goes out of sync with the actual database if you edit tables. also why is the default number of tables listed so low?? I'm all for more competition in this space


This post is about Adminer though. If you are going for simplicity then you might actually like Adminer


Yes, sorry, that was my roundabout way of saying that. Whenever phpmyadmin gets on my mind I just see red and wake up in a pool of sweat, several hours later, without any memory of what happened.


This tool really sped up my work one time, when I took on a new project and the server person sent me credentials to a really strangely configured & locked down account. Then a year or so later it happened again and man, there are a lot of people running small business servers that make tools like this valuable (this was years ago and I still come across this kind of thing).


just wonder isn't this same as login via db shell. psql or mysql whatever? Why do we need a php file to do that?


It's just faster. For many people, including me, clicking trough the DB and figuring out stuff in GUI is faster and easier that doing it from CLI. Usually I still execute final query manually either trough CLI or Adminer but figuring out what have to be done I'm doing trough GUI. Even things like searching records or editing single entries are easier and faster in GUI.


Its useful if you dont have access to the shell, i've used it many times in situations where theres less than ideal access.


Looks like a good alternative to phpMiniAdmin (http://phpminiadmin.sourceforge.net), which hasn't been updated since 2017.


It looks it hasn't been updated in nearly 12 months.

Adminer has added a lot to my Dev workflow, I really hope it doesn't die.


Imagine it like a pair of shoes. It gets produced, you buy it and its in some kind of finished state afterwards. Like a pair of shoes, it only has a narrow use case that it handles. No updates required.


Unfortunately updates are required here; to support new PHP versions. To the best of my knowledge the current version of Adminer still is not fully compatible with PHP 8.0 (it will emit warnings into an exported SQL dump):

https://github.com/vrana/adminer/pull/429 https://github.com/TimWolla/docker-adminer/issues/108#issuec...

Disclosure: I'm the TimWolla of the repository in the second link :-)


Adminer’s “search” function is very useful. I only wish the search function would work properly on PostgreSQL, too.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: