[Phpmyadmin-devel] about strConfigDirectoryWarning
michal at cihar.com
Wed Mar 25 14:10:08 CET 2009
Dne Wed, 25 Mar 2009 07:46:34 -0400
Marc Delisle <Marc.Delisle at cegepsherbrooke.qc.ca> napsal(a):
> I understand the idea behind this new message
> $strConfigDirectoryWarning = 'Directory [code]config[/code], which is
> used by the setup script, still exists in your phpMyAdmin directory. You
> should remove it once phpMyAdmin has been configured.'; //to translate
> but what I find unfortunate is that, by adding this warning, we will
> discourage admins to use the web-based interface for ongoing
> configuration tasks which can be more frequent than just the initial
They just need to make it temporarily available during configuration, it
should not be there during normal operations.
> Maybe verify whether the directory is writable and if so, produce a
> warning? This way the admin would just have to change permission.
Even having the directory there can cause problems - it contains
generated config file, which setup script can read and display. This
way anonymous user can read anything what is in configuration (eg.
control user credentials).
Michal Čihař | http://cihar.com | http://blog.cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 197 bytes
Desc: not available
More information about the Developers