MySQL Database Management — phpMyAdmin SSO, Backups, Remote Access
Panelica includes full MySQL 8.0 database lifecycle management — create databases, manage users with granular privileges, configure remote access, run backups, optimize tables, and launch phpMyAdmin with one-click SSO. All from the panel, no command line needed.
In This Article
1. Database Creation & Management
Creating a MySQL database in Panelica takes three fields: database name, username, and password. The panel automatically creates both the database and a dedicated user with appropriate privileges. For WordPress sites, Panelica offers a pre-configured template that sets optimal utf8mb4 character encoding and utf8mb4_unicode_ci collation for full emoji and multilingual support.
One-Step Creation
Database + user created together in a single operation. No need to create the database first, then the user, then assign privileges. One form, one click, done.
Domain-Scoped
Databases are scoped to domains, making it clear which database belongs to which site. RBAC ensures users can only see and manage databases attached to their own domains.
Real-Time Statistics
Live MySQL server stats: version, uptime, active connections, total queries, cache hit ratio, buffer pool usage. Per-database stats: table count, total size, index size — all cached for performance.
Framework Templates
Pre-configured database settings for WordPress, Laravel, and other popular frameworks. The right charset, collation, and user privileges are set automatically — no manual configuration needed.
2. Database User Management
Panelica manages MySQL users with a granular, role-based privilege system. Instead of manually granting individual privileges, you assign one of four predefined roles:
| Role | MySQL Privileges | Use Case |
|---|---|---|
| read | SELECT | Reporting dashboards, read-only API access |
| readWrite | SELECT, INSERT, UPDATE, DELETE | Application users (WordPress, Laravel) |
| dbAdmin | + CREATE, DROP, ALTER, INDEX | Migration runners, schema managers |
| dbOwner | + CREATE TEMPORARY TABLES, LOCK TABLES | Full control for site owners |
Each database user follows MySQL's user@host pattern — a single username can have different access from different hosts. When you add a new remote host, Panelica automatically grants access for all existing database users to that host. When you remove a host, access is automatically revoked.
MYSQL_PWD environment variable — never visible in ps aux or process listings. No plaintext credentials anywhere in the system.
3. Remote MySQL Access
By default, MySQL only accepts connections from localhost. Panelica's Remote MySQL Access feature lets you whitelist specific IP addresses, hostnames, or wildcards for remote database connections — essential for external applications, development tools, and microservice architectures.
IP-Based Access
Whitelist specific IP addresses (203.0.113.50) for remote database tools like MySQL Workbench, TablePlus, DBeaver, or Sequel Pro.
Wildcard Support
Use MySQL wildcard patterns (192.168.1.%) to allow entire subnets. Useful for office networks or cloud provider IP ranges.
Auto-Grant / Auto-Revoke
Adding a new remote host automatically runs GRANT for all existing database users. Removing a host automatically revokes access. No manual privilege management needed.
Owner Isolation
RBAC-scoped: ROOT sees all remote hosts (system-wide), while regular users only see hosts they created. No cross-user access leakage.
4. Backup, Optimize & Repair
Three essential database maintenance operations are available directly from the panel — no SSH, no memorizing mysqldump flags:
Database Backup
One-click mysqldump with gzip compression. Backups are stored in the user's home directory and can be downloaded directly through the panel. The backup process streams the compressed dump — even multi-gigabyte databases don't consume excessive server memory during backup.
Optimize Tables
Runs OPTIMIZE TABLE on all tables in a database. Reclaims fragmented disk space after large DELETE operations and updates index statistics for better query planning. Essential maintenance for InnoDB tables that have grown and shrunk over time.
Repair Tables
Runs REPAIR TABLE to fix corrupted MyISAM tables. While InnoDB tables are crash-safe by design, legacy MyISAM tables (still common in older WordPress installations) can corrupt during unexpected shutdowns.
../ or absolute paths are rejected before reaching the filesystem. Security is built into every endpoint, not bolted on as an afterthought.
5. phpMyAdmin SSO
Panelica integrates phpMyAdmin with Single Sign-On — ROOT users can launch phpMyAdmin directly from the database management page without entering MySQL credentials. The SSO flow is designed for security:
6. Security Architecture
Database security in Panelica is multi-layered:
- AES-256-GCM encryption for all stored database passwords — not reversible without the server's master encryption key
- SQL injection prevention: Strict input validation (username:
a-zA-Z0-9_-, max 32 chars; database: max 64 chars; host: IP/hostname/wildcard validation) — all DDL operations use validated, quoted identifiers - Protected system users:
root,mysql,phpmyadmin,debian-sys-maintare permanently protected from deletion or modification through the panel - Two-layer RBAC: Handler-level authorization (API gateway) AND service-level ownership verification — defense-in-depth against IDOR attacks
- Unix socket connections: MySQL communicates via
/opt/panelica/var/run/mysqld/mysqld.sock— local connections never traverse the network stack, eliminating network-level attacks - Webhook audit trail:
database.created,database.deleted,database.password_changedevents fire automatically for external monitoring and compliance logging
7. Performance Optimizations
Panelica's database management layer handles servers with hundreds of databases efficiently:
information_schema — notoriously slow. Panelica uses batch queries with a 60-second TTL cache. Listing 100 databases: ~50ms instead of ~4,500ms. The ANALYZE TABLE command runs automatically before size queries to ensure fresh statistics.
Connection pooling (MaxOpen=100, MaxIdle=25) prevents connection exhaustion under load. The panel reuses database connections from a shared pool instead of opening new connections for each operation.
8. cPanel vs Plesk vs Panelica Database Comparison
| Feature | cPanel | Plesk | Panelica |
|---|---|---|---|
| MySQL version | 5.7 / 8.0 | 5.7 / 8.0 | MySQL 8.0 (latest) |
| Role-based privileges | All or nothing | Basic | 4 granular roles |
| Remote access GUI | Per-user only | Manual config | Centralized with auto-grant |
| phpMyAdmin SSO | Yes | Yes | Yes (5-min single-use token) |
| Per-database backup | Full account only | Per-database | Per-database + download |
| Optimize/Repair GUI | No | No | One-click from panel |
| Password encryption | Plaintext in configs | Hashed | AES-256-GCM |
| Orphan user detection | No | No | Detect + safe cleanup |
| Stats caching | No caching | No caching | 60s batch cache (90x faster) |
| Webhook events | No | No | create/delete/password events |
| Framework templates | No | No | WordPress, Laravel presets |
| Connection info display | Basic | Basic | Full (host, port, socket, user) |
9. Orphan User Detection & Cleanup
Over time, MySQL accumulates orphan users — accounts that exist in MySQL's user table but aren't tracked by the panel. This happens when databases are created via SSH, imported from backups, or left behind after failed migrations.
Panelica's orphan detection compares MySQL's mysql.user table against the panel's tracked database users and identifies untracked accounts. The cleanup supports both dry-run mode (list orphans without deleting) and force mode (remove them). System users like root, mysql, and debian-sys-maint are permanently protected and never flagged as orphans.
Complete MySQL Management — Built In
MySQL 8.0 + phpMyAdmin SSO + automated backups + orphan detection + role-based privileges. No plugins to install, no extra fees.
Start Free TrialPanelica — Database management that goes beyond "create" and "delete" buttons.