Hi,
after this change: http://phpmyadmin.cvs.sourceforge.net/phpmyadmin/phpMyAdmin/main.php?r1=2.83...
we no longer present the "Show PHP information" to superusers if $cfg['ShowPhpInfo'] is false.
But, our doc says: $cfg['ShowPhpInfo'] boolean $cfg['ShowChgPassword'] boolean $cfg['ShowCreateDb'] boolean Defines whether to display the "PHP information" and "Change password " links and form for creating database or not for simple users at the starting main (right) frame. This setting does not check MySQL commands entered directly.
As I read this doc, it seems to apply to "simple users". So I would like to revert to previous behavior. IMO, a superuser should always see this link. The intention of the ShowPhpInfo parameter was to block this information for simple users -- well, at least, to block displaying the link.
Marc
On Sun, 09 Jul 2006 19:40:10 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
after this change: http://phpmyadmin.cvs.sourceforge.net/phpmyadmin/phpMyAdmin/main.php?r1=2.83...
we no longer present the "Show PHP information" to superusers if $cfg['ShowPhpInfo'] is false.
But, our doc says: $cfg['ShowPhpInfo'] boolean $cfg['ShowChgPassword'] boolean $cfg['ShowCreateDb'] boolean Defines whether to display the "PHP information" and "Change password " links and form for creating database or not for simple users at the starting main (right) frame. This setting does not check MySQL commands entered directly.
As I read this doc, it seems to apply to "simple users". So I would like to revert to previous behavior. IMO, a superuser should always see this link. The intention of the ShowPhpInfo parameter was to block this information for simple users -- well, at least, to block displaying the link.
I prefer not to show phpinfo at all if disabled. MySQL superuser doesn't have to be trusted enough to see such information. I think that argument for the change was exactly the same. The doc should reflect code change.
Marc Delisle schrieb:
Hi,
after this change: http://phpmyadmin.cvs.sourceforge.net/phpmyadmin/phpMyAdmin/main.php?r1=2.83...
we no longer present the "Show PHP information" to superusers if $cfg['ShowPhpInfo'] is false.
But, our doc says: $cfg['ShowPhpInfo'] boolean $cfg['ShowChgPassword'] boolean $cfg['ShowCreateDb'] boolean Defines whether to display the "PHP information" and "Change password " links and form for creating database or not for simple users at the starting main (right) frame. This setting does not check MySQL commands entered directly.
As I read this doc, it seems to apply to "simple users". So I would like to revert to previous behavior. IMO, a superuser should always see this link. The intention of the ShowPhpInfo parameter was to block this information for simple users -- well, at least, to block displaying the link.
but the MySQL and the phpMyAdmin host-system is not always the same - why should a db-superuser also have all rights on the phpMyAdmin host-system?
$cfg['ShowPhpInfo'] should be independent from MySQL superuser