Hi,
I understand the idea behind this new message
$strConfigDirectoryWarning = 'Directory [code]config[/code], which is used by the setup script, still exists in your phpMyAdmin directory. You should remove it once phpMyAdmin has been configured.'; //to translate
but what I find unfortunate is that, by adding this warning, we will discourage admins to use the web-based interface for ongoing configuration tasks which can be more frequent than just the initial installation.
Maybe verify whether the directory is writable and if so, produce a warning? This way the admin would just have to change permission.
Marc
Hi
Dne Wed, 25 Mar 2009 07:46:34 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca napsal(a):
I understand the idea behind this new message
$strConfigDirectoryWarning = 'Directory [code]config[/code], which is used by the setup script, still exists in your phpMyAdmin directory. You should remove it once phpMyAdmin has been configured.'; //to translate
but what I find unfortunate is that, by adding this warning, we will discourage admins to use the web-based interface for ongoing configuration tasks which can be more frequent than just the initial installation.
They just need to make it temporarily available during configuration, it should not be there during normal operations.
Maybe verify whether the directory is writable and if so, produce a warning? This way the admin would just have to change permission.
Even having the directory there can cause problems - it contains generated config file, which setup script can read and display. This way anonymous user can read anything what is in configuration (eg. control user credentials).
-
Marc Delisle -
Michal Čihař