[Phpmyadmin-devel] Re: prevent users from seeing status and variables, why?

Michal Čihař michal at cihar.com
Fri Nov 11 02:55:31 CET 2005


On Fri 11. 11. 2005 09:02, Sebastian Mendel wrote:
> the difference of phpinfo() with the other settings below is, that
> this should depend on if the user is 'superuser' on the 'localhost'!
> if i have a local PMA installation to manage localhost(user:root),
> intra.myweb.de(user:web) and www.myweb.de(user:web) - phpinfo() is
> hidden only if i select one of the two external servers - but without
> any reason

There is no relation on being superuser in mysql and beeing able to have 
information about webserver. I'd leave this only on config option.

So my suggestion:
Drop $cfg['ShowMysqlInfo'] and $cfg['ShowMysqlVars'] and show them in 
all cases. Drop $is_superuser condition from showing php info.

    Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20051111/733320b7/attachment.sig>

More information about the Developers mailing list