[Phpmyadmin-devel] [Phpmyadmin-cvs] DisableIS in

Wed May 7 00:50:34 CEST 2008

Yes, there are security issues, see our security page on phpmyadmin.net.

The full date for implementing this is unknown.
By the way, do you have triggers? If not you could just disable this part of the code to avoid this query.

-----Original Message-----
From: Rekrutacja <rekrutacja119 at gmail.com>
To: phpmyadmin-cvs at lists.sourceforge.net
Date: Tue, 06 May 2008 14:55:32 +0200
Subject: Re: [Phpmyadmin-cvs] [Phpmyadmin-devel]  DisableIS in

yes, but you said 'so I merged the change and the doc reference' , and 
then asked me if it is faster now, so i assumed you changed something.

anyways, it didn't help, and yes, i have many many databases.

i'm using latest 2.6 pma branch now to avoid it, is there any security 
issues with this old pma?

does DisableIS is going to be implemented fully soon?

Marc Delisle wrote:
> I think Sebastian answered previously that the DisableIS setting is not fully implemented. Also, please provide more information: do you have a large number of databases/tables?
> 
> -----Original Message-----
> From: Rekrutacja <rekrutacja119 at gmail.com>
> To: phpmyadmin-cvs at lists.sourceforge.net
> Date: Mon, 05 May 2008 16:29:48 +0200
> Subject: Re: [Phpmyadmin-cvs] [Phpmyadmin-devel]  DisableIS in
> 
>>>>> The EVENT_OBJECT_SCHEMA seems to always have the same content as 
>>>>> TRIGGER_SCHEMA, but I just noticed that in the MySQL manual they 
>>>>> suggest using TRIGGER_SCHEMA in the WHERE clause as you suggested, 
>>>>> so I merged the change and the doc reference (for version 2.11.7)
>>>>>
>>>>> http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/database_interface.lib.php?r1=11196&r2=11215 
>>>>>
>>>>> Rekrutacja, is it faster this way on your server?
>>>> i've tried latest 3.0-dev version, from svn (did checkout just few
>>>> minutes ago), and it is still slow.
>>>>
>>>>   Query   |   30 | checking permissions | SELECT TRIGGER_SCHEMA,
>>>> TRIGGER_NAME, EVENT_MANIPULATION, ACTION_TIMING, ACTION_STATEMENT,
>>>> EVENT_OBJECT_SCHEMA, EVENT_OBJECT_TABLE FROM information_schema.TRIGGERS
>>>> WHERE TRIGGER_SCHEMA= 'test99' and EVENT_OBJECT_TABLE = 'phpbb2_confirm'
>>> whats your MySQL server version?
>>>
>>>
>> 5.0.51a-3 , from debian package
>>
>>
> 
> so, any news? my server is still affected, i've tried latest 3.0 
> version, snapshot from 5th may, and it is still happening.
> 
> got this for example:
> 
> Query   |    37 | checking permissions | SELECT TRIGGER_SCHEMA, 
> TRIGGER_NAME, EVENT_MANIPULATION, ACTION_TIMING, ACTION_STATEMENT, 
> EVENT_OBJECT_SCHEMA, EVENT_OBJECT_TABLE FROM information_schema.TRIGGERS 
> WHERE TRIGGER_SCHEMA= 'test99' and EVENT_OBJECT_TABLE = 
> 'phpbb_poll_options' |
> 
> 
> i suppose it's turned on, the only place i see this options is 
> libraries/config.default.php
> 
> # grep DisableIS libraries/config.default.php
> $cfg['Servers'][$i]['DisableIS'] = true;
> #
> 
> so i suppose it's enough.
> 
> why it's not working?
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
> Don't miss this year's exciting event. There's still time to save $100. 
> Use priority code J8TL2D2. 
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> Phpmyadmin-cvs mailing list
> Phpmyadmin-cvs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/phpmyadmin-cvs
> 
> 
> 
> 

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Phpmyadmin-cvs mailing list
Phpmyadmin-cvs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/phpmyadmin-cvs