[Phpmyadmin-devel] restricting or removing /setup

Michal Čihař michal at cihar.com
Mon Aug 1 15:29:01 CEST 2011


On Sat, 16 Jul 2011 08:17:25 -0400
Marc Delisle <marc at infomarc.info> wrote:

> Yes but in these applications, their installation program does things like
> - letting you choose an admin password
> - entering database credentials
> - creating initial database
> - creating the effective configuration file
> This is why they ask (or sometimes enforce) to remove the setup directory.
> I don't see the same need for phpMyAdmin because our setup code never 
> writes to the effective configuration file, only to a staging one.

Yes, this is true. However, you generally don't need setup after
initial installation, so removing it also won't hurt. And publicly
exposing less (potentially vulnerable) code is always a good idea :-).

	Michal Čihař | http://cihar.com | http://phpmyadmin.cz