[Phpmyadmin-devel] about arbitrary auth_type
DelislMa at CollegeSherbrooke.qc.ca
Fri Sep 12 12:36:34 CEST 2003
Michal Cihar wrote:
> Hi all
> Original message (Rabus, 11.09.2003 11:47):
>>It has to be possible to disable the arbitrary server mode. Not for cosmetic
>>reasons: for security reasons!
>>Let's imagine a small company network with two servers: server 1 and server
>>2, both running the MySQL server software.
>>Server 1 is connected to the internet permanently. The MySQL database on
>>server 1 sometimes has to be accessed from outside the network. This is why
>>the sysadmin installed phpMyAdmin on server 1.
>>The MySQL server on server 2 contains serious data and may not be accessible
>>from the internet. Nevertheless, this database powers some php scripts
>>running on server 1, so server 1 has to be able to connect to server 2's
>>In this case, phpMyAdmin would be a security hole, if the arbitrary server
>>mode wouldn't be configurable.
>>In addition to this, an internet user would not only be able to access
>>server 1 and 2, he would also be able to use the owner's bandwidth to access
>>thousands of different servers all over the world.
> I completely agree, I thought there could be some security problems...
> The question now is how to make it:
> - keep arbitrary auth as a separate auth method
> - merge it with cookie and add option for enabling it
I suggest merging it with cookies, adding a config variable to enable it
but disabled by default, and adding an appropriate warning about the security implications.
About the thousands open servers that Rabus mentions, we could add a warning in
our doc, referring users to http://www.mysql.com/doc/en/General_security.html
and the fact that port 3306 should not be accessible from untrusted hosts.
Sadly we cannot detect this fact to warn them.
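To make the proposal concrete, here is an added illustration of the gate being discussed; it is not phpMyAdmin's own code, and the option name `$cfg['AllowArbitraryServer']`, the form field `pma_servername` and the extra `ArbitraryServerAllowlist` option are assumed for the example (the thread only says "a config variable"). With the switch off, the host always comes from the administrator's server list, whatever the login form sends; with it on, the value typed into the form is used, which is exactly what turns an exposed phpMyAdmin on server 1 into a relay to server 2 or to any host on the internet.

```php
<?php
// Added example, not phpMyAdmin code. $cfg['AllowArbitraryServer'],
// the 'pma_servername' form field and 'ArbitraryServerAllowlist' are
// assumed names for the illustration.

/**
 * Decide which MySQL host a cookie-auth login may connect to.
 *
 * Returns the configured host unless arbitrary server mode is explicitly
 * enabled; even then an optional allowlist can limit the reachable hosts.
 */
function resolveServerHost(array $cfg, int $serverIndex, array $post): string
{
    $configured = $cfg['Servers'][$serverIndex]['host'];

    if (empty($cfg['AllowArbitraryServer'])) {
        // Proposed default: ignore any user-supplied server, fixed target only.
        return $configured;
    }

    $requested = isset($post['pma_servername']) ? trim($post['pma_servername']) : '';
    if ($requested === '') {
        return $configured;
    }

    // Belt-and-braces for admins who do enable the mode: refuse hosts that
    // are not on an explicit allowlist (assumed option, not in the thread).
    if (!empty($cfg['ArbitraryServerAllowlist'])
        && !in_array($requested, $cfg['ArbitraryServerAllowlist'], true)) {
        throw new RuntimeException("Server '$requested' is not permitted");
    }

    return $requested;
}

// Constructed sample reproducing Rabus' two-server scenario.
$cfg = [
    'AllowArbitraryServer' => false,                    // proposed default
    'Servers' => [1 => ['host' => 'server1.internal']],
];

// An internet user posting pma_servername=server2.internal stays pinned to server 1.
echo resolveServerHost($cfg, 1, ['pma_servername' => 'server2.internal']), "\n";

// Mode enabled but restricted: the request for server 2 is rejected.
$cfg['AllowArbitraryServer']    = true;
$cfg['ArbitraryServerAllowlist'] = ['server1.internal'];
try {
    resolveServerHost($cfg, 1, ['pma_servername' => 'server2.internal']);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The first call prints `server1.internal`, the second prints the rejection message. The point of the default-off switch is that the login form's server field becomes inert unless an administrator has read the warning and turned it on; the allowlist is the extra check a practitioner would want before exposing the mode on an internet-facing host.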