[Phpmyadmin-devel] restricting or removing /setup
michal at cihar.com
Mon Aug 1 15:29:01 CEST 2011
Dne Sat, 16 Jul 2011 08:17:25 -0400
Marc Delisle <marc at infomarc.info> napsal(a):
> Yes but in these applications, their installation program does things like
> - letting you choose an admin password
> - entering database credentials
> - creating initial database
> - creating the effective configuration file
> This is why they ask (or sometimes enforce) to remove the setup directory.
> I don't see the same need for phpMyAdmin because our setup code never
> writes to the effective configuration file, only to a staging one.
Yes, this is true. However you generally don't need setup after
initial installation, so removing it also won't hurt. And publicly
exposing less (potentially vulnerable) code is always good idea :-).
Michal Čihař | http://cihar.com | http://phpmyadmin.cz
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: not available
More information about the Developers