Hi All!
First problem:
--------------
Let's say you have a config like this:
$cfgServers[1]['host'] = 'my_host';
...
$cfgServers[1]['adv_auth'] = TRUE;
$cfgServers[1]['stduser'] = 'user1';
$cfgServers[1]['stdpass'] = 'passwd1';
...
$cfgServers[1]['only_db'] = '';
...
$cfgServers[2]['host'] = 'my_host';
...
$cfgServers[2]['adv_auth'] = TRUE;
$cfgServers[2]['stduser'] = 'user2';
$cfgServers[2]['stdpass'] = 'passwd2';
...
$cfgServers[2]['only_db'] = 'db2';
...
Then you would be shown the server choice with two options
in the starting right frame.
Let's say you are user2.
Since both the $cfgServers arrays use the same host and you have
MySQL rights to access it, you may choose to log in to $cfgServers[1].
And then you may easily skip the 'only_db' setting.
Moreover, if you log in to $cfgServers[2] the left frame will display
only the 'db2' database. Fine... but if you have access rights to
other dbs on this server you are able to run queries on these dbs.
An easy fix for the first problem would be to ensure that the valid
$cfgServers entry is used, thanks to $cfgServers[i]['stduser'], once the
authentication is passed. But with Marc (and thanks to a suggestion
from Piotr) we're working on a version that no longer needs the login
and password to be stored in the config file if advanced
authentication is used. This would widely improve security.
In a few words, I wonder if the 'only_db' setting is really useful.
And I'm also afraid of how dangerous it could be: I discussed with ISP
webmasters at the beginning of this week and some of them just use
the 'only_db' setting without worrying too much about MySQL grants!
They presumed phpMyAdmin more or less handles the database access
rights since the 'only_db' setting is not well documented or not
documented enough.
Second problem:
--------------
In the discussions I've had, I've also faced another problem that
seems widespread enough to be reported: some of the webmasters have
had a deeper (even if not deep enough) look at the MySQL privileges
system and at the phpMyAdmin login procedure. They have then
understood that if a user does not have the global "select"
privilege, PMA tries to build the databases list from the "mysql.db"
table. So they set up some global privileges but not the "select" one
for each user and just define the "SELECT" one for relevant databases in
"mysql.db".
This way only databases with the "SELECT" grant are displayed in the
left frame of course, but each user is allowed to use the other ones.
For example if the global "DROP" privilege is set to "Y", any user is
able to drop... the "mysql" db even if it's not displayed in the left
frame!
We should really add some words about security in the documentation
and emphasize the words "phpMyAdmin does not handle rights itself, it
only uses MySQL ones"... and my English is not fluent enough to do
it myself.
Regards,
Loïc
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif
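The two problems above both come down to the same thing: what phpMyAdmin shows in the left frame is not what MySQL lets the user do. The following audit script is an added example and is not phpMyAdmin code. It models the behaviour the message describes (an 'only_db' entry just filters the list; without a global SELECT the list is built from mysql.db; a global privilege applies to every database) on a constructed stand-in for the mysql.user and mysql.db tables, and reports the databases a user cannot see but can still modify or drop. The users, databases and privilege sets are constructed for the demo, and the GRANT/REVOKE lines it produces are the generic per-database grants one would apply instead of relying on 'only_db'.

```python
"""Audit: databases hidden by phpMyAdmin's list but still reachable via MySQL grants.

Added example, not phpMyAdmin's own code. The privilege tables below are a
constructed, simplified stand-in for mysql.user (global) and mysql.db (per-db).
"""

# Constructed mysql.user rows: user -> global privileges
GLOBAL_PRIVS = {
    "user1": {"SELECT", "INSERT", "UPDATE", "DELETE", "DROP"},
    "user2": {"INSERT", "UPDATE", "DELETE", "DROP"},   # no global SELECT
}

# Constructed mysql.db rows: (user, db) -> per-database privileges
DB_PRIVS = {
    ("user2", "db2"): {"SELECT"},
}

# Databases present on the server (constructed)
SERVER_DBS = ["mysql", "db1", "db2", "db3"]

# Constructed $cfgServers entries from the message (passwords omitted)
CFG_SERVERS = {
    1: {"host": "my_host", "stduser": "user1", "only_db": ""},
    2: {"host": "my_host", "stduser": "user2", "only_db": "db2"},
}

# Privileges that change or destroy data; the audit flags these on hidden dbs
DANGEROUS = {"DROP", "DELETE", "UPDATE", "INSERT"}


def effective_privs(user, db):
    """MySQL semantics: a privilege applies if it is global OR granted on that db."""
    return GLOBAL_PRIVS.get(user, set()) | DB_PRIVS.get((user, db), set())


def displayed_dbs(user, only_db):
    """Databases phpMyAdmin would list (assumption: the behaviour described in the message)."""
    if only_db:                                  # only_db is a pure display filter
        return [only_db]
    if "SELECT" in GLOBAL_PRIVS.get(user, set()):
        return list(SERVER_DBS)                  # global SELECT: every database is listed
    # No global SELECT: the list is built from this user's mysql.db rows
    return [db for (u, db) in DB_PRIVS if u == user and db in SERVER_DBS]


def hidden_but_accessible(user, only_db):
    """Map of db -> sorted dangerous privileges for databases NOT shown to the user."""
    shown = set(displayed_dbs(user, only_db))
    findings = {}
    for db in SERVER_DBS:
        if db in shown:
            continue
        privs = effective_privs(user, db) & DANGEROUS
        if privs:
            findings[db] = sorted(privs)
    return findings


def audit_config(cfg_servers):
    """Run the check for every $cfgServers entry; returns {index: findings} for offenders only."""
    report = {}
    for idx, server in cfg_servers.items():
        findings = hidden_but_accessible(server["stduser"], server["only_db"])
        if findings:
            report[idx] = findings
    return report


def remediation_sql(user, host="%"):
    """Generic per-database grants that make the MySQL side match the intended scope.

    Drops every global privilege and re-grants only the db-level rows in DB_PRIVS.
    Statement forms are standard MySQL GRANT/REVOKE syntax.
    """
    stmts = [f"REVOKE ALL PRIVILEGES ON *.* FROM '{user}'@'{host}';"]
    for (u, db), privs in sorted(DB_PRIVS.items()):
        if u == user:
            stmts.append(f"GRANT {', '.join(sorted(privs))} ON `{db}`.* TO '{user}'@'{host}';")
    stmts.append("FLUSH PRIVILEGES;")
    return stmts


if __name__ == "__main__":
    for idx, findings in audit_config(CFG_SERVERS).items():
        print(f"$cfgServers[{idx}] ({CFG_SERVERS[idx]['stduser']}): hidden but reachable: {findings}")
        print("\n".join(remediation_sql(CFG_SERVERS[idx]["stduser"])))
```

Running it reports that $cfgServers[2] shows user2 only 'db2' while the global DROP/DELETE/UPDATE/INSERT privileges still reach 'mysql', 'db1' and 'db3'; the same holds if user2 logs in through $cfgServers[1] instead, because the list is then built from mysql.db and still hides those databases. Entry 1 produces no finding because user1 sees every database it can touch.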
Hi List!
I'm currently fixing the bugs with advanced authentication. I'm
afraid this requires some important changes but it's required :(
I need your opinion on one point: who should be shown
the "show variables" and "show processlist" in the main right
frame? Super-users only (i.e. those who can use the "mysql" db)?
Those who do not have "only_db" set (but may have some
restrictions from the MySQL privilege system)? All users?
Thanks for your advice,
Loïc
Sorry - the message below was caught in the moderation filter - I'll just
post it again :-)
Kind regards
Geert Lund
----- Original Message -----
From: "Geert Lund - SilverSoft Productions" <glund(a)silversoft.dk>
To: <phpmyadmin-devel(a)lists.sourceforge.net>
Sent: Thursday, October 04, 2001 8:58 PM
Subject: Fw: [Phpmyadmin-users] Disney & more
> As shown below - I've just mailed Jo Ann and asked to stop spam mailing...
>
> I also tried to call the phone number supplied on the webpage - but
> unfortunately it was a voicemail system, so there was nothing to do with
> that.
>
> But I hope that the spam stops - else we may have to consider moderated
> mailinglists (but hopefully we can stop spam-mail as it looks like an
> individual person spamming - for the time being).
>
> Just to let you know :-))
>
> Spam is not tolerated!!
>
> --
> Kind regards
> Geert Lund
>
> ----- Original Message -----
> From: "news-service" <news-service(a)int.tele.dk>
> To: <joaharkins(a)aol.com>
> Sent: Thursday, October 04, 2001 8:50 PM
> Subject: RE: [Phpmyadmin-users] Disney & more
>
>
> >
> > Hello Jo Ann.
> >
> > I have to - once for all - ask you to STOP spam-mailing the phpMyAdmin Users
> > mailinglist (and for the matter - also the phpMyAdmin-devel list) - if I see
> > as much as one posting from you again in these lists - I'll file a formal
> > complaint against you to AOL.com and request that your account is shut down.
> >
> > And don't think that it's just a threat - I'm working in the abuse and
> > security department at the largest Internet Service Provider, ISP - in
> > Denmark and we have good connections to the abuse department at AOL.com and
> > you _will_ be shut down!
> >
> > So, please, do us all a favour and keep your spam (that's: unwanted bulk
> > e-mail) off our mailinglists...
> >
> > --
> > Kind regards
> > Geert Lund,
> > System Developer,
> > TDC Internet A/S - http://www.teledanmark.dk/
> >
> >
> >
> > ----- Original Message -----
> > From: <joaharkins(a)aol.com>
> > To: <phpmyadmin-users(a)lists.sourceforge.net>
> > Sent: Thursday, October 04, 2001 8:33 PM
> > Subject: [Phpmyadmin-users] Disney & more
> >
> >
> > > Celebrate Disney's 100th birthday, with Disney Collectables at discounted
> > > prices!
> > > www.josdiscountstore.com
> > >
> >
>
Hello Jo Ann.
The problem is - that you are not allowed to spam the
phpmyadmin-user(a)lists.sourceforge.net e-mail address. That has nothing to do
whatsoever with what you have paid for by some third party !! e-mail spam
reseller !! - that doesn't make spamming more legal... And I tell you in a
nice way - that your advertising on the above mentioned e-mail address is
SPAM - as soon as I tell you that your e-mails aren't wanted - it turns to
spam...
Spam is when you send e-mails to people who don't want it...
And I can tell you very clearly that people on the before mentioned
mailinglist definitely don't want your spam - they have subscribed to the
mailinglist to learn new info about the phpMyAdmin tool and nothing else!
By the way - phpMyAdmin is not a product that can be registered - so I
wonder where you have registered it? (if you've paid for it - you have been
cheated).
So again - this time I'm asking politely not to send out your unwanted spam
e-mails to our mailinglist... That shouldn't be so hard to understand?
--
Kind regards
Geert Lund,
System Developer,
TDC Internet A/S - http://www.teledanmark.dk/
-----Original Message-----
From: joaharkins(a)aol.com [mailto:joaharkins@aol.com]
Sent: Thursday, October 04, 2001 10:33 PM
To: news-service
Subject: Re: [Phpmyadmin-users] Disney & more
Dear Mr. Geert Lund:
I am not spamming! I do have an account with host4profit.com, it's
my understanding I can advertise anything for sale as long as it is legal to
sell,
this is the address I was given by host4profit, I have also registered
with Phpmyadmin, Now what is the PROBLEM
Jo Ann Harkins
Thanks Marc for having built this release :)
TO ALL: do not submit anything to the cvs until it has
been tagged with the new release number.
Kind regards,
Loïc
A word about the Female Friendly site. This is an initiative by my daughter
designed for two reasons. To help do something about the way that the web is
being taken over by the adult industry, and to help subsidise her way
through college. If you get a minute check it out at www.femalefriendly.net
<http://www.femalefriendly.net/> or there is an affiliate programme paying
15$ per membership and 10$ donated to the charity chosen by the applicant.
Details of this are available at My FF Affiliate Program
<http://zzz.clickbank.net/jmap/?m=speeednet&c=http://www.femalefriendly.tv>
Thank you for your time.
Hi,
The first release candidate of phpMyAdmin 2.2.1 is available. This version is mostly for bug fixes
(have a look at the bug tracker for details), and contains some new features.
Please test!
http://phpmyadmin.sourceforge.net
Marc Delisle, for the dev. team.