Hi,
token does not work if cookies are disabled
of course the whole session thing does not work if cookies disabled, but
till now this was not a problem as the session was just re-init with
every request if the session could not be continued.
so phpMyAdmin now requires cookies enabled in browser.
--
Sebastian Mendel
www.sebastianmendel.de
Hi guys,
This is the public portion of my report back on MySQL UC 2006.
Thanks to:
- MySQL/O'Reilly for inviting us.
- Seb Le Tuan, one of the CouchSurfing.com founders, for letting me stay
in his spare bedroom.
- Seb's mother, for inviting us for dinner one night.
- The rest of you guys, for offering me the chance to go to Silicon
Valley.
Saturday (before leaving):
- Prepared and printed 11"x17" phpMyAdmin posters.
- Prepared and printed PMA business cards with our logo, my name, my
email, our website, and my PGP key.
- I'll upload the template/datafiles for the posters and cards for
anybody else that wants them - you'll need Adobe Illustrator CS2 and
InDesign CS2 to edit them, so I'll put up PDFs as well.
Sunday:
- Left home early, all of check-in, US security, and US immigration took
me a record 23 minutes. There was nobody in line for check-in, and
only one person in front of me for security. I'd allocated 2 hours for
all of this process, as that's close to what it's taken before.
- No free wireless in Vancouver, read a book instead.
- Arrived Portland, airport now has public free wireless. Waited for
next flight and read more.
- Arrived San Jose on time, met with Seb, had dinner.
Monday:
- Got a ride with Seb as far as his office, and took transit from there.
- Arrived conference centre just before noon after going around on
transit - it really isn't a transit city - you really need to be on
the main transit lines or have a car in future. The DotOrg area was
not yet ready for any setup stuff, so had lunch instead, and sat
coding for a bit.
- Set up booth with posters, see photos.
- Rode the light rail transit (very similar to the Karlsruhe trams), and
saw downtown Mountain View (see more photos, but I didn't find Google).
- Was invited to dinner with Seb's mother and stepfather.
Tuesday:
- Early start, Seb dropped me off at the convention centre first thing,
and I got everything else ready, including my demo of PMA 2.8.0.3.
Tuesday/Wednesday common things:
- The HP booth was across the aisle from our booth, and one of their
guys came over to talk to me - he's from HP Beijing, and offers us
many thanks for making phpMyAdmin - and he gave me/us a set of
chopsticks from HP Beijing as a token of thanks.
- Visitors to the exhibit area mainly came between the sessions (thanks
to the free snacks from IBM and MySQL), but there were also a number
of exhibits only folk, coming all the time.
- During quiet periods, I took a walk around and saw some of the other
booths. There is a lot of focus on commercial clustering/replication,
followed by MySQL support, business intelligence/reporting and then
backup solutions and other things.
- I had at least 10 inquiries about how to help support the project, one
of which will probably be donated code, and the rest were primarily
wondering how to give us some money back - since they make such large
use of our work. I pointed out the SF donation page, and said to email
us if they wanted to do large amounts or something different.
- A lot of big names bundle/use PMA with their offerings: HP, IBM,
Novell/SuSE, Rackspace, SugarCRM, SCO, Sun, UniSys, Google and more.
They were glad to see us there, and noted a few general things:
Their customers sometimes hit a blank page and have a hard time
tracing it down - mainly due to us turning errors off. They would
like errors turned back on, to help them trace things. The IE/Gzip bug
is not involved, as many of them turn off gzip to avoid it. It might
be nice to detect Internet Explorer and disable obzip when we have
$cfg['OBGzip'] = 'auto';
- Also met some users from big places that use PMA - Los Alamos National
Lab, Livermore Lab, US DoD, etc. One of the Los Alamos guys said if we were
passing thru and the lab was in a low-security time (no classified
projects going on), he'd give us a tour.
- Similar to the previous item, I had a few users bring their laptops,
with reproduced bugs to show me - mainly configuration errors
compounded by the new system (old config files reused), and user
error. Turning on error display would help us a lot.
- There was one very interesting real bug - the user had a replicated
database. Using 'DROP TABLE' on the master via the commandline,
replicated fine. Doing the same on the master via PMA didn't
replicate.
- I took a quick survey of all GUI tools that were represented at the
conference, or that any of the MySQL folk could think of. PMA was the
oldest, having started in 1998. The next competitor emerged shortly
before we started on SourceForge in 2001. Navicat and Webyog
Wednesday:
- Spoke to Monty in the afternoon, and picked his brain about the oldest
GUI, he also believes it was PMA, but he said he'd check the collected
archives of MySQL email to be sure. He also mentioned something
lacking in PMA, and other apps in general at the moment - lack of a
good form builder tool for web interfaces, that is capable of hooking
up the form to the database directly - there's too much manual work
involved still.
- Packed up my booth stuff, as the exhibit portion was only Tues/Weds.
- The O'Reilly folk say that we're welcome at OSCON in Portland, end of
July 2006. I may be able to make it there, not certain, as I'm getting
married 3 weeks after that ;-).
- One of the PMA users asked if I had dinner plans, as I didn't, we had
dinner and discussed PMA/MySQL stuff.
Thursday:
- Did some sight-seeing around Silicon Valley, having never been down
here before, I can recommend 'The Tech' museum in downtown San Jose.
- Cooked a thanks dinner for Seb, incl. my family secret chocolate sauce
recipe to put on the dessert.
Friday:
- Up early for travelling, security wasn't too bad again, 45 minutes
processing time in at San Jose, almost entirely waiting for security.
- Flight from Portland to Vancouver was delayed due to maintenance
problems with the plane, arrived an hour late.
--
Robin Hugh Johnson
E-Mail : robbat2(a)users.sourceforge.net
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
Hi,
I was trying to get a decent banner together for MySQL UC, but the logos
aren't coming out nicely.
Do we have a nice high resolution version or even better, a vector art
version somewhere?
--
Robin Hugh Johnson
E-Mail : robbat2(a)users.sourceforge.net
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
Hi,
some time ago we already discussed this wiki-thing, the result was that
running a wiki on sf.net is not secure or there was no time to set it up?
i could set up this wiki, whether on my own space, or somewhere on
sf.net. (i have already set up and maintaining one wiki (phpbar.de))
... i came across this again by the previous post of marc about sql
query should always escaped (obviously that this is clear) there is no
developer docu where this is written ... or? ... and some other things
that are difficult to document in the source.
--
Sebastian Mendel
www.sebastianmendel.de
Hi
probably most of you noticed this, but just to make sure
everybody knows it:
Anonymous CVS is not being updated since CVS breakage at the end of
March. This situation will stay at least till end of April, see sf.net
status page [1] for details.
This also means that snapshots and online demos are not on current
versions, so do not tell users to test on those something you've
recently fixed.
1. https://sourceforge.net/docs/A04/
--
Michal Čihař | http://cihar.com
Hi,
what is/was the reason for putting this $*_font_family variables into
the language files?
is this still needed?
shouldn't the browser have the right font to use for displaying the
language requested by the user?
(f.e. i use 'Arial Unicode MS', which works best with all languages)
--
Sebastian Mendel
www.sebastianmendel.de
Hi,
is there a problem with replacing font-size 10px with f. e. 8pt in
darkblue orange theme?
i have absolutely no problem with leaving it at 10px! just a question!
font size of 10 px gives me an absolute height of X with about 1.3 mm and
absolute height of x about 0.9mm - nearly unreadable! (my system is
running at 144 DPI)
font size 8 pt should appear with about the same size as 10px on 72 DPI
displays (the default on most systems) and has the right size on any
other dpi settings!
--
Sebastian Mendel
www.sebastianmendel.de
We would like to invite you to a survey about the working conditions in
Free/Open-Source Software development. This survey is conducted by the
Open-Source Research Group of the University of Würzburg (Germany).
We will compare work design in open source and proprietary software
development. Our findings should be used to adjust the working
conditions of software development to the needs of the developers. The
results will be published under the Creative Commons License.
To start the survey, please follow the link:
http://www.unipark.de/uc/open-source-task/
If you have any questions don't hesitate to contact us!
Dirk Jendroska
http://www.psychologie.uni-wuerzburg.de/ao/staff/jendroska.php?lang=en
Michal Čihař wrote:
> On Thu, 20 Apr 2006 14:50:55 +0200
> Michal Čihař <michal(a)cihar.com> wrote:
>
>> Both is quite simple (see attached patch). Only problem is when to
>> check whether token is correct. For now I added check to import.php and
>> sql.php, are there any other dangerous places?
>
> Problematic places are many :-(. Eg. dropping users using URL:
>
> http://localhost/pma-2.8.0/server_privileges.php?selected_usr%5B%5D=aaa%1B%…
>
> It will be quite hard to spot all such places. Any better idea how to
> protect against such XSS?
token can be checked globally in common.lib.php
if token is wrong empty all $_REQUEST/GET/POST
--
Sebastian Mendel
www.sebastianmendel.de
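The global check suggested in the message above, sketched as an added example; it is not part of the original thread and not phpMyAdmin's code, and the function names and the allow list are assumptions. The third case shows why, as the first message in this digest notes, the token stops working once cookies are disabled.

```php
<?php
// Added example, not phpMyAdmin code; names and allow list are hypothetical.

/** Create the per-session token once; it lives exactly as long as the session. */
function session_token(array &$session): string
{
    if (!isset($session['token'])) {
        $session['token'] = bin2hex(random_bytes(16));
    }
    return $session['token'];
}

/**
 * Global check meant to run once in a common include, before any page script.
 * On a missing or wrong token every parameter outside a small allow list of
 * harmless keys is dropped, so later code never acts on the forged values.
 * A real include would apply the result to $_GET, $_POST and $_REQUEST.
 */
function filter_request(array $request, array &$session, array $allow = ['lang', 'server']): array
{
    $expected = session_token($session);
    $given = $request['token'] ?? '';
    if (is_string($given) && hash_equals($expected, $given)) {
        return $request;
    }
    return array_intersect_key($request, array_flip($allow));
}

// Constructed requests; selected_usr is the parameter from the quoted URL.
$session = [];
$token = session_token($session);

// Case 1: link generated by the application, token matches the session.
$own = ['token' => $token, 'selected_usr' => ['aaa'], 'lang' => 'en'];
echo json_encode(filter_request($own, $session)), PHP_EOL;

// Case 2: cross-site link without a valid token.
$forged = ['selected_usr' => ['aaa'], 'lang' => 'en'];
echo json_encode(filter_request($forged, $session)), PHP_EOL;

// Case 3: cookies disabled, so the session (and its token) is new on every
// request and the token from the previous page can no longer match.
$fresh = [];
echo json_encode(filter_request($own, $fresh)), PHP_EOL;
```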