PHPMyAdmin on NHANES Demo Server

@r0bby We would like to install PHPMyAdmin on the demo server to allow other uses to run read-only queries of the system.

As an example, here is a visualization of how diagnosis rates vary by race for the conditions we are importing from the NHANES data.!/vizhome/EthDiagnosis/Sheet2?publish=yes

Other queries we’d like to be able to show and share are things such as “show me the diabetes patients taking metformin”

Can you help with setup, or may I have permission to do so? If the later, I would need help setting up a MySQL user account that has only read-only permissions.

Thanks, -Kevin and Bob

I will not install phpmyadmin. This will not happen. Run the queries server-side.

My reason is security, nothing more. Do not install it yourself either please – I’ll be very, very annoyed if you do.

I agree. Phpmyadmin is a huge security risk:

As an aside are these queries needed to demonstrate standard use of the system? If so, should there be some functionality built in at some point? (Even maybe some standard queries built specifically via some php scripts vs an open ended tool like phpmyadmin?)

1 Like

Are saying its better for the EHR team to host the test servers outside the LH infrastructure to have the flexibility of phpmyAdmin?

i would like to see us brainstorm a solution for the teams who will come on and send queries (as these will be dynamic ) that doesn’t compromise security - but a solution is needed … Let everyone put on their thinking caps and fast

@sunbiz any suggestions ?

1 Like

A separate server with remote queries is one way to mitigate risks, although phpmyadmin itself is arguably the bigger risk vs the infrastructure issue.

1 Like

What they choose to do is up to them, but my sole concern is security. I don’t want to deal with security implications. They should (as @downey suggested) build a tool for this.

As would I – but installing phpmyadmin is out of the question here. Even if we went with majority rule here – both @downey and I are firm on NOT installing it.

None of those issues are for 4.7 version or above. In addition, phpMyAdmin access need not be open-ended at the root access level…at all. Trying to find any unpatched CVE’s for current version…no “luck” so far. Not making an argument for using it on a demo server, as it is not a normal end-user tool, and is something that anyone could use the data with on their own system if they wanted it, just a ‘be real’ check on the presumption here.

The intention is to be able to demonstrate to less technical people the power of SQL and build an educational curriculum around SQL in the context of HIM.

I do not need PHPMyAdmin to run queries. It’s much easier/efficient for me to run them against my own MySQL instance locally, but if we want other potential instructors to be able to see what is possible, setting up server access for each of them seems impractical, and there is also a much steeper learning curve.

1 Like

SQL is powerful – but phpmyadmin is the wrong tool. This tool should be built into the EHR system itself…perhaps as a reporting mechanism.

I respect your decision to manage the server as you best see fit.

I’m sorry to take such a firm stance here – I will do whatever is needed but this isn’t needed…what’s needed is reporting tools – which allows you to run raw queries… in a constrained way. This should be built into EHR itself

That said I still think we need a workaround to get the work done. Has anyone seen alternatives other than running the tool on an isolated host?

1 Like

Y’all could look at Adminer as a replacement. It would need to be evaluated but it is about the only one (with good reviews) out there.

Just sharing the URL -

I’ll look later at it.

Thanks to everyone for exploring this approach. Kevin and I would like to see SQL capability that is simple and secure. This would be a unique EHR feature

@rhoyt, in that case – it should be built into LibreHealth EHR itself…as a reporting toolkit – this would be immensely powerful. OpenMRS has this functionality, and we should too.