8 Dec
2009
8 Dec
'09
3:53 p.m.
Hi,
in the doc we say:
$cfg['ShowServerInfo'] boolean
Defines whether to display detailed server information on main
page. (...)
Currently, this parameter, when false, only hides the protocol version,
the logged-in user and the server's full name (next to the verbose name).
It's true that this parameter is poorly named (it should have been
ShowDetailedMySQLInfo). We got a request to remove all web server info
and MySQL server info from the main page when this parameter is set to
false. I think this would be appropriate.
Comments?
--
Marc Delisle
http://infomarc.info
8 Dec
8 Dec
4:53 p.m.
Marc Delisle wrote:
Hi,
in the doc we say:
$cfg['ShowServerInfo'] boolean
Defines whether to display detailed server information on main
page. (...)
Currently, this parameter, when false, only hides the protocol version,
the logged-in user and the server's full name (next to the verbose name).
It's true that this parameter is poorly named (it should have been
ShowDetailedMySQLInfo). We got a request to remove all web server info
and MySQL server info from the main page when this parameter is set to
false. I think this would be appropriate.
Comments?
I can imagine that some people would rather obscure these facts from view.
So yes, lets make ShowServerInfo realy mean all that server info.
In that same reasoning maybe we should also offer an option to not
display the phpMyAdmin version.
One tricky sidenote: The export function also output's version
information...
--
Met vriendelijke groet / Regards,
Herman van Rink
Initfour websolutions
5:16 p.m.
Herman van Rink a écrit :
Marc Delisle wrote:
Hmmm, well ... it is present also in Documentation.html and
translators.html. What do you have in mind with this, obscuring for
security purposes?
Hi,
in the doc we say:
$cfg['ShowServerInfo'] boolean
Defines whether to display detailed server information on main
page. (...)
Currently, this parameter, when false, only hides the protocol version,
the logged-in user and the server's full name (next to the verbose name).
It's true that this parameter is poorly named (it should have been
ShowDetailedMySQLInfo). We got a request to remove all web server info
and MySQL server info from the main page when this parameter is set to
false. I think this would be appropriate.
Comments?
I can imagine that some people would rather obscure these facts from view.
So yes, lets make ShowServerInfo realy mean all that server info.
In that same reasoning maybe we should also offer an option to not
display the phpMyAdmin version.
One tricky sidenote: The export function also output's version
information...
Good point, so ShowServerInfo should have an impact also for export.
--
Marc Delisle
http://infomarc.info
9 Dec
9 Dec
11:38 a.m.
Hi
Dne Tue, 08 Dec 2009 14:16:21 -0500
Marc Delisle <marc(a)infomarc.info> napsal(a):
It does not make sense, you need to include the version there so that
people know for which version the documentation is.
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
Herman van Rink a écrit :
> Marc Delisle wrote:
>> Hi,
>> in the doc we say:
>> $cfg['ShowServerInfo'] boolean
>> Defines whether to display detailed server information on main
>> page. (...)
>>
>> Currently, this parameter, when false, only hides the protocol version,
>> the logged-in user and the server's full name (next to the verbose name).
>>
>> It's true that this parameter is poorly named (it should have been
>> ShowDetailedMySQLInfo). We got a request to remove all web server info
>> and MySQL server info from the main page when this parameter is set to
>> false. I think this would be appropriate.
>>
>> Comments?
>>
> I can imagine that some people would rather obscure these facts from view.
> So yes, lets make ShowServerInfo realy mean all that server info.
Makes sense to me.
In that same
reasoning maybe we should also offer an option to not
display the phpMyAdmin version.
Hmmm, well ... it is present also in Documentation.html and
translators.html. What do you have in mind with this, obscuring for
security purposes?
3:32 p.m.
Herman van Rink a écrit :
Marc Delisle wrote:
I'm working on it.
Hi,
in the doc we say:
$cfg['ShowServerInfo'] boolean
Defines whether to display detailed server information on main
page. (...)
Currently, this parameter, when false, only hides the protocol version,
the logged-in user and the server's full name (next to the verbose name).
It's true that this parameter is poorly named (it should have been
ShowDetailedMySQLInfo). We got a request to remove all web server info
and MySQL server info from the main page when this parameter is set to
false. I think this would be appropriate.
Comments?
I can imagine that some people would rather obscure these facts from view.
So yes, lets make ShowServerInfo realy mean all that server info.
In that same reasoning maybe we should also offer an option to not
display the phpMyAdmin version.
I would wait about this one.
One tricky sidenote: The export function also
output's version
information...
Since there are many ways to get MySQL server information, I think the
goal here is just to "fix" the ShowServerInfo parameter.
--
Marc Delisle
http://infomarc.info
11 Dec
11 Dec
11:29 a.m.
Marc Delisle wrote:
Herman van Rink a écrit :
The Drupal community has had a lengthy
discussion about this:
http://drupal.org/node/79018
A good point in made about not relying on security by obscurity.
In a similar fashion we could include a small note in the documentation
about which files to delete/hide/make unreadable to keep this info from
just every web-client.
--
Met vriendelijke groet / Regards,
Herman van Rink
Initfour websolutions
I can imagine that some people would rather
obscure these facts from
view.
So yes, lets make ShowServerInfo realy mean all that server info.
I'm working on it.
In that same reasoning maybe we should also offer
an option to not
display the phpMyAdmin version.
I would wait about this one.
3:45 p.m.
Herman van Rink a écrit :
Marc Delisle wrote:
Can we discuss this during the team meeting at FOSDEM? :)
--
Marc Delisle
http://infomarc.info
Herman van Rink a écrit :
The Drupal community has had a lengthy
discussion about this:
http://drupal.org/node/79018
A good point in made about not relying on security by obscurity.
In a similar fashion we could include a small note in the documentation
about which files to delete/hide/make unreadable to keep this info from
just every web-client.
I can imagine that some people would rather
obscure these facts from
view.
So yes, lets make ShowServerInfo realy mean all that server info.
I'm working
on it.
In that same reasoning maybe we should also offer
an option to not
display the phpMyAdmin version.
I would wait about this one. 
16 Dec
16 Dec
9:48 a.m.
Am 11.12.2009 14:29, schrieb Herman van Rink:
Marc Delisle wrote:
no one relies on security by obscurity - at least not here in the pma
devel team, IMHO
it is just an information disclosure we (hm, at least i am listening)
are talking here about
let the user choose whether to display the information or not - even if
i think it makes not much sense
at least most of the MySQL Server related information can be gathered by
simple SQL statements
--
Sebastian Mendel
Herman van Rink a écrit :
The Drupal community has had a lengthy
discussion about this:
http://drupal.org/node/79018
A good point in made about not relying on security by obscurity.
In a similar fashion we could include a small note in the documentation
about which files to delete/hide/make unreadable to keep this info from
just every web-client. I can imagine that some people would rather
obscure these facts from
view.
So yes, lets make ShowServerInfo realy mean all that server info.
I'm working on it.
In that same reasoning maybe we should also offer
an option to not
display the phpMyAdmin version.
I would wait about this one.
11:08 a.m.
Sebastian Mendel a écrit :
Am 11.12.2009 14:29, schrieb Herman van Rink:
Sebastian,
who do you mean by "the user"? The person who runs phpMyAdmin or the one
who has access to configure it?
Marc Delisle wrote:
no one relies on security by obscurity - at least not here in the pma
devel team, IMHO
it is just an information disclosure we (hm, at least i am listening)
are talking here about
let the user choose whether to display the information or not - even if
i think it makes not much sense Herman van Rink a écrit :
The Drupal community has had a lengthy
discussion about this:
http://drupal.org/node/79018
A good point in made about not relying on security by obscurity.
In a similar fashion we could include a small note in the documentation
about which files to delete/hide/make unreadable to keep this info from
just every web-client. I can imagine that some people would rather
obscure these facts from
view.
So yes, lets make ShowServerInfo realy mean all that server info.
I'm working
on it.
In that same reasoning maybe we should also offer
an option to not
display the phpMyAdmin version.
I would wait about this one.
at least most of the MySQL Server related information can be gathered by
simple SQL statements
--
Marc Delisle
http://infomarc.info
12:31 p.m.
Am 16.12.2009 14:08, schrieb Marc Delisle:
Sebastian Mendel a écrit :
the one who has access to configure it
--
Sebastian Mendel
Am 11.12.2009 14:29, schrieb Herman van Rink:
Sebastian,
who do you mean by "the user"? The person who runs phpMyAdmin or the one
who has access to configure it? Marc Delisle wrote:
no one relies on security by obscurity - at least not here in the pma
devel team, IMHO
it is just an information disclosure we (hm, at least i am listening)
are talking here about
let the user choose whether to display the information or not - even if
i think it makes not much sense Herman van Rink a écrit :
> I can imagine that some people would rather obscure these facts from
> view.
> So yes, lets make ShowServerInfo realy mean all that server info.
I'm working on it.
> In that same reasoning maybe we should also offer an option to not
> display the phpMyAdmin version.
>
I would wait about this one.
The Drupal community has had a lengthy discussion
about this:
http://drupal.org/node/79018
A good point in made about not relying on security by obscurity.
In a similar fashion we could include a small note in the documentation
about which files to delete/hide/make unreadable to keep this info from
just every web-client.
5379
days inactive
5387
days old
9 comments
4 participants
participants (4)
-
Herman van Rink -
Marc Delisle -
Michal Čihař -
Sebastian Mendel