On 4 July 2011 14:49, Marc Delisle marc@infomarc.info wrote:

Le 2011-07-04 07:37, Herman van Rink a écrit :

...

Zarubin / all,

I would like to add a .htaccess file to the test directory of phpmyadmin similar to the libraries/.htaccess file.

This would be better than no protection at all; but not all web servers support the .htaccess mechanism.

...

This should not affect regular users as the directory is not included in the download kits.

It would protect someone who uses a Git checkout from accidentally exposing path information though.

Would it be enough to include a README.txt file in the test directory which explains how to allow certain IP's ?

I suggest just a reference to http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow

...

What are your thoughts?

I think its right decision.

-- Marc Delisle http://infomarc.info

---

All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel