[Phpmyadmin-devel] Suggestion

Hi List!

I suggest using the attached version of "common.lib.php3" for the plain 2.2.1 release. It does not contain many changes (it's just a kind of "temporary" improvement) but it allows:
- to fix bug #472201 (denied to mysql user db. AdvAuth failed.) that is a true problem indeed: requiring each user to have "select" privilege on the "mysql" db is not such a good idea;
- to really skip all the "get dbs list from the mysql db" if $cfgServers[i]['only_db'] is set.

Could you try it and tell me what your opinions about it are?

Thanks, Loïc

Hi Loïc and List,

before I test this new common.lib, I would like to understand something: for bug 472201, I guess the user was trying to use advanced auth without an administrative user/password. So I suggested that he should use normal auth. This is not a bug.

We know that we should develop a better auth system but it currently works, even for users that don't have access to the mysql.* tables.

But 2.2.1 is at RC stage, this is not the time to modify this, IMHO.

Loïc wrote:
> Hi List!
>
> I suggest using the attached version of "common.lib.php3" for the plain 2.2.1 release. It does not contain many changes (it's just a kind of "temporary" improvement) but it allows:
> - to fix bug #472201 (denied to mysql user db. AdvAuth failed.) that is a true problem indeed: requiring each user to have "select" privilege on the "mysql" db is not such a good idea;
> - to really skip all the "get dbs list from the mysql db" if $cfgServers[i]['only_db'] is set.
>
> Could you try it and tell me what your opinions about it are?
>
> Thanks, Loïc
>
> Name: common.lib.tar.gz
> Type: WinRAR archive (application/x-compressed)
> Encoding: base64

Loïc wrote:
> Hi List!
>
> I suggest using the attached version of "common.lib.php3" for the plain 2.2.1 release. It does not contain many changes (it's just a kind of "temporary" improvement) but it allows:
> - to fix bug #472201 (denied to mysql user db. AdvAuth failed.) that is a true problem indeed: requiring each user to have "select" privilege on the "mysql" db is not such a good idea;

Ok, your new common.lib.php3 removes the need for stduser/stdpass. It works well here. Good work!

You must be aware that there is a difference between this 2.2.1 and 2.2.0 regarding the display of the Create Database box. A user who only has a create priv on a non-existent db would not get the box. I don't know if this is important, because I hope that sysadmins will use this setting: $cfgAllowUserDropDatabase = FALSE; so the possibility of users deleting their own db and then wanting to recreate it is reduced.

I would be ready to accept this minor problem because the patch adds security and removes the stduser constraint.

> - to really skip all the "get dbs list from the mysql db" if $cfgServers[i]['only_db'] is set.

Seems to work ok. A small point: I lose the Logout link when only_db is set.

> Could you try it and tell me what your opinions about it are?
>
> Thanks, Loïc
>
> Name: common.lib.tar.gz
> Type: Unix Tape Archive (application/x-tar)
> Encoding: base64

--
Marc Delisle
Service de l'informatique
Collège de Sherbrooke, Québec