[Phpmyadmin-devel] disabled functions for security
Rabus
rabus at bugfixes.info
Sat Feb 22 15:37:02 CET 2003
-----Original Message-----
From: Marc Delisle
>
> We got a report from a user, his ISP has disabled ini_get() and
> mysql_list_dbs() for security reasons.
Disabling ini_get() is OK, but who the f*** disables mysql_list_dbs()
???
I wonder if we shouldn't bypass mysql_list_dbs() by mysql_query('SHOW
DATABASES;') since this should bring the same result.
>
> Problem is, in this case, function_exists('ini_get') is true
> even if ini_get() is disabled.
>
This is a problem, indeed. As far as I can say, we can only work around
this by adding a new directive to the config file, e.g.
$cfg['IniGetDisabled'] with default value FALSE. In this case we simply
replace ...
function_exists('ini_get')
... by ...
(!$cfg['IniGetDisabled'] && function_exists('ini_get'))
Alexander M. Turek
<alex at bugfixes.info>
+-----------------------------+
| The phpMyAdmin Project |
| http://www.phpmyadmin.net |
| rabus at users.sourceforge.net |
+-----------------------------+
| [bugfixes.info] |
| http://www.bugfixes.info |
| rabus at bugfixes.info |
+-----------------------------+
More information about the Developers
mailing list