[Phpmyadmin-devel] AllowArbitraryServer and synchronisation

Michal Čihař michal at cihar.com
Fri Jan 28 15:05:28 CET 2011


Hi all

for security reasons we have chosen AllowArbitraryServer to be disabled
by default. On the other hand, we have the synchronization feature, which
allows connecting to an arbitrary server as well and fetching any data
from it.

I think this disproportion should be fixed. I can see two approaches:

1. The other option would be to drop AllowArbitraryServer completely as
right now it really does not bring any security.

2. Make AllowArbitraryServer really work as expected:
- Make AllowArbitraryServer enabled by default. I don't think the risk
  is too big and many people would use this feature.
- If AllowArbitraryServer is set to false, disallow synchronization
  with an arbitrary server as well.

But maybe I'm missing some other possibility. Comments?

-- 
	Michal Čihař | http://cihar.com | http://blog.cihar.com