[Phpmyadmin-devel] about arbitrary auth_type

Marc Delisle DelislMa at CollegeSherbrooke.qc.ca
Fri Sep 12 12:36:34 CEST 2003


Michal Cihar wrote:
> Hi all
> 
> Original message (Rabus, 11.09.2003 11:47):
> 
>>It has to be possible to disable the arbitrary server mode. Not for cosmetic
>>reasons: for security reasons!
>>
>>Let's imagine a small company network with two servers: server 1 and server
>>2, both running the MySQL server software.
>>Server 1 is connected to the internet permanently. The MySQL database on
>>server 1 sometimes has to be accessed from outside the network. This is why
>>the sysadmin installed phpMyAdmin on server 1.
>>
>>The MySQL server on server 2 contains serious data and may not be accessible
>>from the internet. Nevertheless, this database powers some php scripts
>>running on server 1, so server 1 has to be able to connect to server 2's
>>MySQL database.
>>
>>In this case, phpMyAdmin would be a security hole, if the arbitrary server
>>mode wouldn't be configurable.
>>
>>In addition to this, an internet user would not only be able to access
>>server 1 and 2, he would also be able to use the owner's bandwidth to access
>>thousands of different servers all over the world.
> 
> 
> I completely agree, I thought there could be some security problems...
> The question now is how to make it:
> 
> - keep arbitrary auth is as separate auth method
> - merge it with cookie and add option for enabling it
> 
> Comments?
> 

I suggest merging it with cookies, adding a config variable to enable it
but leaving it disabled by default, with an appropriate warning about the security implications.

About the thousands of open servers that Rabus mentions, we could add a warning in
our doc, referring users to http://www.mysql.com/doc/en/General_security.html
and the fact that port 3306 should not be accessible from untrusted hosts.

Sadly we cannot detect this fact to warn them.

Marc
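As an added illustration (not code from this thread or from phpMyAdmin itself), here is a sketch of how a login handler could honour a user-supplied MySQL host only when the administrator has opted in, along the lines of the "config variable, disabled by default" design discussed above. The option name `AllowArbitraryServer`, the extra `ArbitraryServerAllowList` setting and the host names are assumptions made for the example.

```php
<?php
// Added example, not phpMyAdmin code. Option names, allow-list and host
// names below are assumptions constructed for illustration.

$cfg = [
    // Default: off. A host typed into the login form is ignored unless the
    // administrator enables this explicitly.
    'AllowArbitraryServer' => false,
    // Assumed extra restriction: when arbitrary servers are allowed, only
    // these hosts may be chosen. An empty list means any host is accepted.
    'ArbitraryServerAllowList' => ['db1.example.internal'],
    // The server the administrator configured (the "server 1" case).
    'Servers' => [1 => ['host' => 'localhost']],
];

/**
 * Decide which MySQL host a login attempt may connect to.
 *
 * @param array       $cfg           configuration shaped as above
 * @param string|null $requestedHost host sent with the login form, if any
 * @return string|null host to connect to, or null if the request is refused
 */
function resolveServerHost(array $cfg, ?string $requestedHost): ?string
{
    $default = $cfg['Servers'][1]['host'];

    // Option disabled (the default): always fall back to the configured
    // server, so a form field injected by the client cannot redirect the
    // connection to an internal or external host.
    if (!$cfg['AllowArbitraryServer'] || $requestedHost === null || $requestedHost === '') {
        return $default;
    }

    // Option enabled: refuse hosts outside the allow-list when one is set,
    // so the installation cannot be used as a proxy to arbitrary servers.
    $allow = $cfg['ArbitraryServerAllowList'];
    if ($allow !== [] && !in_array($requestedHost, $allow, true)) {
        return null;
    }

    return $requestedHost;
}

// Constructed demonstration inputs.
var_dump(resolveServerHost($cfg, 'db2.example.internal')); // option off: configured server
$cfg['AllowArbitraryServer'] = true;
var_dump(resolveServerHost($cfg, 'db2.example.internal')); // enabled, host not allowed
var_dump(resolveServerHost($cfg, 'db1.example.internal')); // enabled, host allowed
```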