[Phpmyadmin-devel] Re: Debate on using newly added PHP (and MySQL) functions in core phpMyAdmin functions:

Tue Sep 25 13:47:03 CEST 2001

Hey Marc (and others)...

> I respect the points you mention, but I would like a clarification on your
part.

Shoot away ;O)

> Are you only "feeling" a fear, or do you have facts to back your point
that the
> code-changes are starting to compromise security and compatibility?

No, no, I woulden't say that any of the developers on the project in
generally has started to write code that compromise security or
compability...

But I call for the awareness of the dangerous path of development being
maintained on a large project with many developers and even more users
helping with supplying bugfixes and feature improvements/enhancements - as I
see it for the moment the code is very stable and the security is good - but
with the many code-rewrites and more code-rearrangeing that's made, we
should keep more and more attention to not only checking the code for
browser-compability - but also checking that security isen't compromised
with the many code-changes.

And I still haven't seen any discussions on any code-rewrites - that's about
whether the change might create a security issue or not - and most of our
testusers (that uses the CVS version) will not sit down and test code for
security breaches, but only that new (and old) features work correct - with
the correct (and legal) use of phpMyAdmin.

So I was in no way attempting to imply that any on the developer team writes
lazy/faulty code or anything that... With my starting mail - I simply wanted
to draw attention to an issue that might become a problem in the long run -
if we just keep our minds into feature-enhancement (and feature-bugfixes)
and fancy things in general - and not stay focused on the importance in
writing code with as few security breaches as possible.

A good example is the inclusion of the phpinfo.php3 file - which provides
really important information about the server that phpMyAdmin runs on - and
nobody had their attention to including the AUTH-check in this file... A
mistake that wasen't fatal in any way - but the next mistake might be far
more fatal...

My question to some thoughts (in which my original post was intended): can
we afford to make fatal mistakes in this matter - in an administration
application used by 100.000+ users around the world - used by
administrators, developers, ISPs etc. etc. etc. - can we afford to _hope
that_/_rely on_ some one will find the security holes before the release of
final-versions of phpMyAdmin? Just because we all might be caught up in
rewriting code and enhancing features or adding new fancy stuff (because
that's far more fun than to check already written code) ;o)

Hope this clears it up a bit? But please anybody - do comment in any way -
because I think that focus on this subject is in any way for the best of
phpMyAdmin ;-)))

PS. It might look like I'm being paranoid - but I work as a web system
developer at the largest ISP in Denmark (TDC Internet), and has to keep
focus on security in all that I do :-/ (sometime it would be more fun just
write new stuff and fuck the 'bad' code I've written i the past - but I
don't think that my employer think it's fun when someone compromises the
security, database-integrity etc.

Wow - that was a long answer :-))) But in any way - I'll check out the code
more closely and see if I can find stuff that might be a problem - as soon
as I'm done with the server-cluster setup I'm doing these next couple of
days :-)))

--
Kind regards
Geert Lund