[Phpmyadmin-devel] Two problems...
Loïc
loic-div at ifrance.com
Thu Oct 11 09:03:13 CEST 2001
Hi All!
First problem:
--------------
Let's say you have such a config :
$cfgServers[1]['host'] = 'my_host';
...
$cfgServers[1]['adv_auth'] = TRUE;
$cfgServers[1]['stduser'] = 'user1';
$cfgServers[1]['stdpass'] = 'passwd1';
...
$cfgServers[1]['only_db'] = '';
...
$cfgServers[2]['host'] = 'my_host';
...
$cfgServers[2]['adv_auth'] = TRUE;
$cfgServers[2]['stduser'] = 'user2';
$cfgServers[2]['stdpass'] = 'passwd2';
...
$cfgServers[2]['only_db'] = 'db2';
...
Then you would be displayed the server choice with two options
at the starting right frame.
Let's say you are user2.
Since both the $cfgServers arrays use the same host and you have
MySQL rights to access it, you may choose to login to $cfgServers[1].
And then you may easlly skip the 'only_db' setting.
Moreover, if you login to $cfgServers[2] the left frame will display
only the 'db2' database. Fine... but if you have right access to
other dbs on this server you are able to run queries on these dbs.
An easy fix for the first problem would be to ensure to use the valid
$cfgServers thanks to $cfgServers[i]['stduser'] once the
authentication is passed. But with Marc (and thanks to a suggestion
from Piotr) we're working on a version that no long need the login
and password to be stored in the config. file if advanced
authentication is used. This would widely improve security.
In a few words, I wonder if the 'only_db' setting is really usefull.
And I'm also afraid how dangerous it could be: I discussed with ISP
webmasters at the beginning of this week and some of them just use
the 'only_db' setting without worying too much about MySQL grants!
They presumed phpMyAdmin far or less handle the databases access
rights since the 'only_db' setting is not well documented or not
documented enough.
Second problem:
--------------
In the discussions I've had, I've also faced an other problem that
seems widepsread enough to be reported: some of the webmasters have
had a deeper (even if not deep enough) look at the MySQL privileges
system and at the phpMyAdmin login procedure. They have then
understand that if an user does not have the global "select"
privilege, PMA tries to build the databases list from the "mysql.db"
table. So they setup some globals privileges but not the "select" one
for each user and just define "SELECT" one for relevant databases in
"mysql.db".
This way only databases with the "SELECT" grant are diplayed in the
left frame of course, but each user is allowed to use the other ones.
For example if the global "DROP" privilege is set to "Y", any user is
able to drop... the "mysql" db even if it's not displayed in the left
frame!
We should really add some words about security in the documentation
and emphasis the words "phpMyAdmin does not handle rights itself, it
only uses MySQL ones"... and my english is not fluently enough to do
it myself.
Regards,
Loïc
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif
More information about the Developers
mailing list