[Phpmyadmin-devel] $is_superuser and ShowPhpInfo
Michal Čihař
michal at cihar.com
Mon Jul 10 11:35:48 CEST 2006
On Sun, 09 Jul 2006 19:40:10 -0400
Marc Delisle <Marc.Delisle at cegepsherbrooke.qc.ca> wrote:
> after this change:
> http://phpmyadmin.cvs.sourceforge.net/phpmyadmin/phpMyAdmin/main.php?r1=2.83&r2=2.84
>
> we no longer present the "Show PHP information" to superusers if
> $cfg['ShowPhpInfo'] is false.
>
> But, our doc says:
> $cfg['ShowPhpInfo'] boolean
> $cfg['ShowChgPassword'] boolean
> $cfg['ShowCreateDb'] boolean
> Defines whether to display the "PHP information" and "Change
> password " links and form for creating database or not for simple users
> at the starting main (right) frame. This setting does not check MySQL
> commands entered directly.
>
> As I read this doc, it seems to apply to "simple users". So I would like
> to revert to previous behavior. IMO, a superuser should always see this
> link. The intention of the ShowPhpInfo parameter was to block this
> information for simple users -- well, at least, to block displaying the
> link.
I prefer not to show phpinfo at all if disabled. MySQL superuser
doesn't have to be trusted enough to see such information. I think that
argument for the change was exactly the same. The doc should reflect
code change.
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20060710/6a645311/attachment.sig>
More information about the Developers
mailing list