[Phpmyadmin-devel] Proposed changes to demo server and GSOC guidelines

Michal Čihař michal at cihar.com
Mon Aug 8 18:11:41 CEST 2011


On Thu, 4 Aug 2011 14:46:17 +0200
Piotr Przybylski <piotr.prz at gmail.com> wrote:

> So, I propose to:
> 1. Exchange MariaDB and MySQL databases in config file.
> 2. Change automatic login to select MySQL database which now has index 1.

Done, this makes sense.

> 3. Create some sample database with tables and columns which are
> potentially dangerous.

We already had a similar topic on the security list, but let's open it here
again. The question here is whether the demo server is primarily for
users or developers. Counting the number of visitors on the website, it's
clearly mostly visited by users, so putting developer-only things there,
which could confuse them, is probably not a good idea.

Also see test/test_data/exploit_test.sql for example data.

> Also, create guidelines for future GSOC with a sample configuration
> consisting of two servers (the first one can be a broken fake, the student
> should work with the second one) and a SQL script which creates tables
> from point 3. above, with some explanation on escaping and that MySQL
> identifiers can also contain dangerous data (not a security issue, but
> it can break page layout).

Any volunteers to write this down on the wiki? And I don't think this
is limited to GSoC, but applies generally to any development.

	Michal Čihař | http://cihar.com | http://blog.cihar.com
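
The point raised in the thread, that MySQL identifiers are untrusted data and need escaping for each context they are written into, shown as an added example that is not part of the original message and not phpMyAdmin's own code. The function names, the `browse.php` URL and the sample table names are assumptions constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, not phpMyAdmin's API.

// SQL context: wrap the identifier in backticks and double any backtick
// that the name itself contains.
function quoteIdentifier(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

// HTML context: escape for element text or a quoted attribute value.
function htmlIdentifier(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed table names of the kind a test database could contain.
$tables = [
    'users',
    'odd`name',
    '<b>bold</b> & "quoted"',
    "it's <script>alert(1)</script>",
];

foreach ($tables as $table) {
    // Identifier quoting, not string quoting, for the statement text.
    $sql = 'SELECT COUNT(*) FROM ' . quoteIdentifier($table);

    // URL context first (rawurlencode), HTML attribute context second.
    // browse.php is a hypothetical script name.
    $href = 'browse.php?table=' . rawurlencode($table);

    printf(
        "<li><a href=\"%s\" title=\"%s\">%s</a></li>\n",
        htmlIdentifier($href),
        htmlIdentifier($sql),
        htmlIdentifier($table)
    );
}
```

Run against such names, every list item should render the identifier as literal text with the page layout intact.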