[Phpmyadmin-devel] prevent users from seeing status and variables, why?
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Wed Nov 9 10:51:29 CET 2005
Sebastian Mendel a écrit :
> Hi,
>
> what is the reason for setting this default values to false?
>
>
> $cfg['ShowMysqlInfo'] = FALSE; // whether to display the "MySQL
> runtime
> $cfg['ShowMysqlVars'] = FALSE; // information", "MySQL system
> variables", "PHP
> $cfg['ShowPhpInfo'] = FALSE; // information" and "change
> password" links for
> $cfg['ShowChgPassword'] = FALSE; // simple users or not
>
>
About the SHOW PHP info, there was a time when the cookie containing the
password was visible there in plain text, it might explain the reason
for this default.
For mysqlinfo and mysqlvars, I think it was determined that this is
information useful for a system admin.
For the password change, I think that most of users, if they have the
possibility of changing their password, will do it, then will complain
in phpMyAdmin support forums because all their other MySQL apps are now
broken.
Marc
More information about the Developers
mailing list