[Phpmyadmin-devel] about ShowServerInfo
Sebastian Mendel
lists at sebastianmendel.de
Wed Dec 16 12:48:35 CET 2009
Am 11.12.2009 14:29, schrieb Herman van Rink:
> Marc Delisle wrote:
>> Herman van Rink a écrit :
>>> I can imagine that some people would rather obscure these facts from
>>> view.
>>> So yes, lets make ShowServerInfo realy mean all that server info.
>>
>> I'm working on it.
>>> In that same reasoning maybe we should also offer an option to not
>>> display the phpMyAdmin version.
>>>
>> I would wait about this one.
> The Drupal community has had a lengthy discussion about this:
> http://drupal.org/node/79018
> A good point in made about not relying on security by obscurity.
>
> In a similar fashion we could include a small note in the documentation
> about which files to delete/hide/make unreadable to keep this info from
> just every web-client.
no one relies on security by obscurity - at least not here in the pma
devel team, IMHO
it is just an information disclosure we (hm, at least i am listening)
are talking here about
let the user choose whether to display the information or not - even if
i think it makes not much sense
at least most of the MySQL Server related information can be gathered by
simple SQL statements
--
Sebastian Mendel
More information about the Developers
mailing list