[Phpmyadmin-devel] Re: prevent users from seeing status and variables, why?
michal at cihar.com
Thu Nov 10 05:08:38 CET 2005
On Wed 9. 11. 2005 19:51, Marc Delisle wrote:
> About the SHOW PHP info, there was a time when the cookie containing
> the password was visible there in plain text, it might explain the
> reason for this default.
There is also reason that it can uncover much information about server.
> For mysqlinfo and mysqlvars, I think it was determined that this is
> information useful for a system admin.
Both are also useful for user. We show eg. collations and storage
engines in all cases, so these two IMHO sould be same case and I do not
see need for configuration option.
> For the password change, I think that most of users, if they have the
> possibility of changing their password, will do it, then will
> complain in phpMyAdmin support forums because all their other MySQL
> apps are now broken.
Yes, this one should be enabled by admin.
Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the Developers