[Phpmyadmin-devel] about ShowServerInfo

Marc Delisle marc at infomarc.info
Wed Dec 16 14:08:54 CET 2009


Sebastian Mendel a écrit :
> Am 11.12.2009 14:29, schrieb Herman van Rink:
>> Marc Delisle wrote:
>>> Herman van Rink a écrit :
>>>> I can imagine that some people would rather obscure these facts from
>>>> view.
>>>> So yes, lets make ShowServerInfo realy mean all that server info.
>>> I'm working on it.
>>>> In that same reasoning maybe we should also offer an option to not
>>>> display the phpMyAdmin version.
>>>>
>>> I would wait about this one.
>> The Drupal community has had a lengthy discussion about this:
>> http://drupal.org/node/79018
>> A good point in made about not relying on security by obscurity.
>>
>> In a similar fashion we could include a small note in the documentation
>> about which files to delete/hide/make unreadable to keep this info from
>> just every web-client.
> 
> no one relies on security by obscurity - at least not here in the pma 
> devel team, IMHO
> 
> it is just an information disclosure we (hm, at least i am listening) 
> are talking here about
> 
> let the user choose whether to display the information or not - even if 
> i think it makes not much sense

Sebastian,
who do you mean by "the user"? The person who runs phpMyAdmin or the one 
who has access to configure it?

> 
> at least most of the MySQL Server related information can be gathered by 
> simple SQL statements
> 
> 


-- 
Marc Delisle
http://infomarc.info




More information about the Developers mailing list