[Phpmyadmin-devel] about 3.1 and new setup

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Mon Nov 10 15:55:39 CET 2008


Michal Čihař a écrit :
> Hi
> 
> Dne Mon, 10 Nov 2008 08:37:16 -0500
> Marc Delisle <Marc.Delisle at cegepsherbrooke.qc.ca> napsal(a):
> 
>> I have always disliked the "config" directory that we use as a workspace
>> for setup purposes. Beside needing a manual creation and renaming and
>> specific rights, many users do not grasp the concept because other OSS
>> use a config directory to store the effective configuration. This is why
>> I suggest to get rid of it, for 3.1.0-beta2 :)
> 
> The config directory is there to allow safe way of storing settings on
> server. It has to be manually created by user, because it can have
> security implications if setup script is not password protected (what
> is not by default). Furthermore it is useful for integration in
> distribution - eg. Debian creates config directory automatically and
> password protects setup - you can configure phpMyAdmin over web without
> any additional effort.

Hi Michal,
I don't see why it would be less safe if the setup script asks FTP or
SFTP credentials and uses this to load and store the config file.


> 
>> Instead, we could use cURL or FTP extensions to load and store the
>> configuration directly in the main directory. FTP credentials would be
>> passed to the interface and used for setup purposes.
> 
> This still does not solve problem for all users, as some hostings have
> only scp/sftp (similar to web services on sourceforge). And you can
> hardly do this from PHP.

With http://ca.php.net/manual/en/function.ssh2-sftp.php ?
> 
> However having it as an option could be a possibility.





More information about the Developers mailing list