[Phpmyadmin-devel] disabled functions for security

Rabus rabus at bugfixes.info
Sat Feb 22 15:37:02 CET 2003

-----Original Message-----
From: Marc Delisle
> We got a report from a user, his ISP has disabled ini_get() and
> mysql_list_dbs() for security reasons.

Disabling ini_get() is OK, but who the f*** disables mysql_list_dbs()
I wonder if we shouldn't bypass mysql_list_dbs() by mysql_query('SHOW
DATABASES;') since this should bring the same result.

> Problem is, in this case, function_exists('ini_get') is true
> even if ini_get() is disabled.

This is a problem, indeed. As far as I can say, we can only work around
this by adding a new directive to the config file, e.g.
$cfg['IniGetDisabled'] with default value FALSE. In this case we simply
replace ...


... by ...

(!$cfg['IniGetDisabled'] && function_exists('ini_get'))

Alexander M. Turek
<alex at bugfixes.info>

| The phpMyAdmin Project      |
| http://www.phpmyadmin.net   |
| rabus at users.sourceforge.net |
| [bugfixes.info]             |
| http://www.bugfixes.info    |
| rabus at bugfixes.info         |

More information about the Developers mailing list