[Phpmyadmin-devel] Protect against attack on scripts in /libraries
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Sun Nov 20 15:54:01 CET 2005
Michal Čihař a écrit :
> Hi all
>
> while speaking with friend about some recent security issues, we came to
> quite obvious idea, that access to /libraries folder should be disabled
> (by providing .htaccess file and suggesting same configuration in
> documentation) and all stuff that needs direct access should go out of
> this folder. Stuff that I quickly found that needs to be moved:
>
> - *.js - create /js folder for it?
> - libraries/transformations/overview.php - should be IMHO in root anyway
>
> Is there something else I missed? Any comments on implementing this in
> 2.7.0 branch?
>
As IMO this is an improvement for security in general (path disclosure) and not
a direct problem we have with 2.7.0, I would prefer to let 2.7.0 as is and start
moving stuff in HEAD.
Marc
More information about the Developers
mailing list