[Phpmyadmin-devel] Protect against attack on scripts in /libraries

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Sun Nov 20 15:54:01 CET 2005


Michal Čihař a écrit :
> Hi all
> 
> while speaking with friend about some recent security issues, we came to 
> quite obvious idea, that access to /libraries folder should be disabled 
> (by providing .htaccess file and suggesting same configuration in 
> documentation) and all stuff that needs direct access should go out of 
> this folder. Stuff that I quickly found that needs to be moved:
> 
> - *.js - create /js folder for it?
> - libraries/transformations/overview.php - should be IMHO in root anyway
> 
> Is there something else I missed? Any comments on implementing this in 
> 2.7.0 branch?
> 

As IMO this is an improvement for security in general (path disclosure) and not 
a direct problem we have with 2.7.0, I would prefer to let 2.7.0 as is and start 
moving stuff in HEAD.

Marc





More information about the Developers mailing list