[Phpmyadmin-devel] User configurability of SQL validator
marc at infomarc.info
Tue Jul 27 17:36:09 CEST 2010
Michal Čihař a écrit :
> does it make sense to include SQL validator in user settings?
> First it has some dependencies (SOAP) and it really does not make sense
> to allow user to enable it unless they are satisfied (he will get only
> The more important is that I believe this is something what admin
> should control, as it makes connection to untrusted server, which could
> be easily used to some exploit if exploitable bug is found in SOAP
> extension or lower functions which SOAP extension do use. Also sending
> queries to third party is again something admin might don't want but
> user won't see it problematic.
> So I think this option could be controlled by user only once admin has
> allowed it.
More information about the Developers