On 2011-07-16 05:30, Michal Čihař wrote:
Hi
On Fri, 15 Jul 2011 10:50:35 -0400, Isaac Bennetch <bennetch@gmail.com> wrote:
On Jul 15, 2011, at 9:35 AM, Marc Delisle <marc@infomarc.info> wrote:
Hi,
we got a suggestion from a user about either restricting access to /setup or telling the installer to remove this directory after initial setup.
Let's discuss this...
If I remember correctly, the reason this wasn't done in the first place is that there's no vulnerability to leaving it exposed. The user moves the generated config.inc.php, and a malicious user can't write a new one that would be used. Additionally, users who wish to reconfigure later might want to run the setup; if it's removed they'll have to (presumably) reinstall the entire program.
If there were a good reason to remove it, then I'd certainly support the idea, but I don't see a compelling reason at the moment.
I've seen this in various web applications - they force you to remove setup once installation is done.
Yes, but in these applications, their installation program does things like:
- letting you choose an admin password
- entering database credentials
- creating the initial database
- creating the effective configuration file
This is why they ask (or sometimes enforce) to remove the setup directory.
I don't see the same need for phpMyAdmin because our setup code never writes to the effective configuration file, only to a staging one.
I don't think we should make it a hard requirement; however, suggesting to remove it after setup won't hurt.
Another option would be to limit access to it, for example only to authenticated MySQL users, which would limit the audience quite a lot.
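One way to act on the "limit access to it" suggestion without deleting anything is to restrict the setup directory at the web server. The fragment below is an added example, not configuration from the thread or from the phpMyAdmin project; it assumes Apache 2.4 and that phpMyAdmin is installed under /var/www/phpmyadmin (both assumptions), and it allows the setup directory only from the loopback address and one administrator network (the 192.0.2.0/24 range is a constructed placeholder).

```apache
# Added example (assumed path): lock down phpMyAdmin's staging-config
# setup directory so only local and admin-network clients can reach it.
<Directory "/var/www/phpmyadmin/setup">
    # Apache 2.4 access control: everything not listed below is denied.
    <RequireAny>
        Require local
        # Constructed placeholder for the administrator's network.
        Require ip 192.0.2.0/24
    </RequireAny>
</Directory>
```

Because the setup script only ever writes a staging config.inc.php, this restriction is defense in depth rather than a fix for a known hole; it keeps the directory available for later reconfiguration while removing it from the audience that can see it. After changing the configuration, reload Apache and confirm from an outside address that /setup/ now returns 403.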