[Phpmyadmin-devel] User configurability of SQL validator
Marc Delisle
marc at infomarc.info
Tue Jul 27 17:36:09 CEST 2010
Michal Čihař wrote:
> Hi
>
> does it make sense to include SQL validator in user settings?
>
> First it has some dependencies (SOAP) and it really does not make sense
> to allow user to enable it unless they are satisfied (he will get only
> errors).
>
> More important is that I believe this is something that the admin
> should control, as it makes a connection to an untrusted server, which could
> easily be used for some exploit if an exploitable bug is found in the SOAP
> extension or in lower functions which the SOAP extension uses. Also, sending
> queries to a third party is again something the admin might not want but
> the user won't see as problematic.
>
> So I think this option could be controlled by user only once admin has
> allowed it.
Indeed.
--
Marc Delisle
http://infomarc.info