[Phpmyadmin-devel] Piotr's tree and sensible options
Piotr Przybylski
piotr.prz at gmail.com
Wed Jul 21 16:23:23 CEST 2010
2010/7/21 Marc Delisle <marc at infomarc.info>:
> Hi Piotr,
> is there a way for a sysadmin (of a shared phpMyAdmin installation) to
> indicate which setting is available or not for "normal" users?
Yes, config file has a key 'UserprefsDisallow', which contains names
of values that users cannot override. Also, setup script has
checkboxes (next to each option) which allow to modify this. Settings
in 'UserprefsDisallow' are marked as DISABLED in user preferences (and
are listed in Blacklist section of my debug message).
> I'm asking because I know, for example, that some sysadmins want to
> disable the "Show detailed MySQL server info" for all their users.
>
> I'm not saying that we need such mechanism, but we'll have to be careful
> in the choices we give to users if they are perceived by sysadmins as
> related to security.
In addition to disabling options, some are only partially editable by
users. Namely:
* MaxDbList, MaxTableList, QueryHistoryMax - users can set values
which are equal to or lower than the one hardcoded in config.*.php
* AllowUserDropDatabase, UseDbSearch, QueryHistoryDB, ShowPhpInfo,
ShowChgPassword - these can be only disabled (changed from true to
false), enabling them is impossible for users
Both cases above are marked by an icon with comment in setup script.
--
Piotr Przybylski
More information about the Developers
mailing list