[Phpmyadmin-devel] User configurability of SQL validator

Piotr Przybylski piotr.prz at gmail.com
Tue Jul 27 19:48:10 CEST 2010


2010/7/27 Marc Delisle <marc at infomarc.info>:
> Michal Čihař wrote:
>> Hi
>>
>> Does it make sense to include the SQL validator in user settings?
>>
>> First, it has some dependencies (SOAP) and it really does not make sense
>> to allow the user to enable it unless they are satisfied (he will get only
>> errors).
>>
>> More important, I believe this is something the admin
>> should control, as it makes a connection to an untrusted server, which could
>> easily be used for some exploit if an exploitable bug is found in the SOAP
>> extension or in lower functions which the SOAP extension uses. Also, sending
>> queries to a third party is again something the admin might not want, but
>> the user won't see it as problematic.
>>
>> So I think this option could be controlled by the user only once the admin has
>> allowed it.
>
> Indeed.

Ok, removed.

-- 
Piotr Przybylski



