[Phpmyadmin-devel] Protect against attack on scripts in /libraries

Michal Čihař michal at cihar.com
Sun Nov 20 15:28:01 CET 2005


Hi all

while speaking with friend about some recent security issues, we came to 
quite obvious idea, that access to /libraries folder should be disabled 
(by providing .htaccess file and suggesting same configuration in 
documentation) and all stuff that needs direct access should go out of 
this folder. Stuff that I quickly found that needs to be moved:

- *.js - create /js folder for it?
- libraries/transformations/overview.php - should be IMHO in root anyway

Is there something else I missed? Any comments on implementing this in 
2.7.0 branch?

-- 
    Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20051120/b4884cbb/attachment.sig>


More information about the Developers mailing list