[Phpmyadmin-devel] User configurability of SQL validator

Michal Čihař michal at cihar.com
Tue Jul 27 15:49:21 CEST 2010


Hi

does it make sense to include SQL validator in user settings?

First it has some dependencies (SOAP) and it really does not make sense
to allow user to enable it unless they are satisfied (he will get only
errors).

The more important is that I believe this is something what admin
should control, as it makes connection to untrusted server, which could
be easily used to some exploit if exploitable bug is found in SOAP
extension or lower functions which SOAP extension do use. Also sending
queries to third party is again something admin might don't want but
user won't see it problematic.

So I think this option could be controlled by user only once admin has
allowed it.

-- 
	Michal Čihař | http://cihar.com | http://blog.cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20100727/00e7bb20/attachment.sig>


More information about the Developers mailing list