[Phpmyadmin-devel] about ShowServerInfo
Marc Delisle
marc at infomarc.info
Wed Dec 16 14:08:54 CET 2009
Sebastian Mendel a écrit :
> Am 11.12.2009 14:29, schrieb Herman van Rink:
>> Marc Delisle wrote:
>>> Herman van Rink a écrit :
>>>> I can imagine that some people would rather obscure these facts from
>>>> view.
>>>> So yes, lets make ShowServerInfo realy mean all that server info.
>>> I'm working on it.
>>>> In that same reasoning maybe we should also offer an option to not
>>>> display the phpMyAdmin version.
>>>>
>>> I would wait about this one.
>> The Drupal community has had a lengthy discussion about this:
>> http://drupal.org/node/79018
>> A good point in made about not relying on security by obscurity.
>>
>> In a similar fashion we could include a small note in the documentation
>> about which files to delete/hide/make unreadable to keep this info from
>> just every web-client.
>
> no one relies on security by obscurity - at least not here in the pma
> devel team, IMHO
>
> it is just an information disclosure we (hm, at least i am listening)
> are talking here about
>
> let the user choose whether to display the information or not - even if
> i think it makes not much sense
Sebastian,
who do you mean by "the user"? The person who runs phpMyAdmin or the one
who has access to configure it?
>
> at least most of the MySQL Server related information can be gathered by
> simple SQL statements
>
>
--
Marc Delisle
http://infomarc.info
More information about the Developers
mailing list