[Phpmyadmin-devel] Re: prevent users from seeing status and variables, why?
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Fri Nov 11 05:25:04 CET 2005
Michal Čihař a écrit :
> Hi
>
> On Fri 11. 11. 2005 09:02, Sebastian Mendel wrote:
>
>>the difference of phpinfo() with the other settings below is, that
>>this should depend on if the user is 'superuser' on the 'localhost'!
>>
>>if i have a local PMA installation to manage localhost(user:root),
>>intra.myweb.de(user:web) and www.myweb.de(user:web) - phpinfo() is
>>hidden only if i select one of the two external servers - but without
>>any reason
>
>
> There is no relation on being superuser in mysql and beeing able to have
> information about webserver. I'd leave this only on config option.
>
> So my suggestion:
> Drop $cfg['ShowMysqlInfo'] and $cfg['ShowMysqlVars'] and show them in
> all cases. Drop $is_superuser condition from showing php info.
>
>
Ok for me.
More information about the Developers
mailing list