Hey Marc (and others)...
I respect the points you mention, but I would like a clarification on your part.
Shoot away ;O)
Are you only "feeling" a fear, or do you have facts to back your point that the code-changes are starting to compromise security and compatibility?
No, no, I wouldn't say that any of the developers on the project in general has started to write code that compromises security or compatibility...
But I call for awareness of the dangerous path of development being maintained on a large project with many developers and even more users helping with supplying bugfixes and feature improvements/enhancements - as I see it for the moment the code is very stable and the security is good - but with the many code-rewrites and more code-rearranging that's made, we should pay more and more attention to not only checking the code for browser-compatibility - but also checking that security isn't compromised with the many code-changes.
And I still haven't seen any discussions on any code-rewrites - that's about whether the change might create a security issue or not - and most of our test users (that use the CVS version) will not sit down and test code for security breaches, but only that new (and old) features work correctly - with the correct (and legal) use of phpMyAdmin.
So I was in no way attempting to imply that anyone on the developer team writes lazy/faulty code or anything like that... With my starting mail - I simply wanted to draw attention to an issue that might become a problem in the long run - if we just keep our minds on feature-enhancement (and feature-bugfixes) and fancy things in general - and not stay focused on the importance of writing code with as few security breaches as possible.
A good example is the inclusion of the phpinfo.php3 file - which provides really important information about the server that phpMyAdmin runs on - and nobody paid attention to including the AUTH-check in this file... A mistake that wasn't fatal in any way - but the next mistake might be far more fatal...
My question to some thoughts (in which my original post was intended): can we afford to make fatal mistakes in this matter - in an administration application used by 100.000+ users around the world - used by administrators, developers, ISPs etc. etc. etc. - can we afford to _hope that_/_rely on_ someone will find the security holes before the release of final-versions of phpMyAdmin? Just because we all might be caught up in rewriting code and enhancing features or adding new fancy stuff (because that's far more fun than to check already written code) ;o)
Hope this clears it up a bit? But please anybody - do comment in any way - because I think that focus on this subject is in any way for the best of phpMyAdmin ;-)))
PS. It might look like I'm being paranoid - but I work as a web system developer at the largest ISP in Denmark (TDC Internet), and have to keep focus on security in all that I do :-/ (sometimes it would be more fun to just write new stuff and fuck the 'bad' code I've written in the past - but I don't think that my employer thinks it's fun when someone compromises the security, database-integrity etc.)
Wow - that was a long answer :-))) But in any way - I'll check out the code more closely and see if I can find stuff that might be a problem - as soon as I'm done with the server-cluster setup I'm doing these next couple of days :-)))
-- Kind regards Geert Lund