[Phpmyadmin-devel] Re: prevent users from seeing status and variables, why?

Michal Čihař michal at cihar.com
Thu Nov 10 05:08:38 CET 2005


On Wed 9. 11. 2005 19:51, Marc Delisle wrote:
> About the SHOW PHP info, there was a time when the cookie containing
> the password was visible there in plain text, it might explain the
> reason for this default.

There is also reason that it can uncover much information about server.

> For mysqlinfo and mysqlvars, I think it was determined that this is
> information useful for a system admin.

Both are also useful for user. We show eg. collations and storage 
engines in all cases, so these two IMHO sould be same case and I do not 
see need for configuration option.

> For the password change, I think that most of users, if they have the
> possibility of changing their password, will do it, then will
> complain in phpMyAdmin support forums because all their other MySQL
> apps are now broken.

Yes, this one should be enabled by admin.

    Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20051110/b641b79c/attachment.sig>

More information about the Developers mailing list