[Phpmyadmin-devel] about 3.1 and new setup

Michal Čihař michal at cihar.com
Mon Nov 10 16:10:44 CET 2008


Dne Mon, 10 Nov 2008 09:55:39 -0500
Marc Delisle <Marc.Delisle at cegepsherbrooke.qc.ca> napsal(a):

> I don't see why it would be less safe if the setup script asks FTP or
> SFTP credentials and uses this to load and store the config file.

It would not be less safe (if implemented properly), but it is much
more work and it can not work in many cases (as a example look at SF
web services, AFAIK you can not open any network connection there).

> >> Instead, we could use cURL or FTP extensions to load and store the
> >> configuration directly in the main directory. FTP credentials would be
> >> passed to the interface and used for setup purposes.
> > 
> > This still does not solve problem for all users, as some hostings have
> > only scp/sftp (similar to web services on sourceforge). And you can
> > hardly do this from PHP.
> With http://ca.php.net/manual/en/function.ssh2-sftp.php ?

1. It is an external module, so it is usually not available.
2. You need to handle keys, fingerprints and all other crap manually.
It is doable, but it is lot of code to make it properly.

I'm not against adding additional ways to put config to the server, but
now it's IMHO too late in release cycle to add big amount of new code
and we should not drop current option to simply save config to
precreated directory.

	Michal Čihař | http://cihar.com | http://blog.cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20081110/864956a9/attachment.sig>

More information about the Developers mailing list