[Phpmyadmin-devel] AllowArbitraryServer and synchronisation

Michal Čihař michal at cihar.com
Fri Jan 28 15:05:28 CET 2011

Hi all

for security reasons we have chosen AllowArbitraryServer to be disabled
by default. On the other side we have synchronization feature which
allows to connect to arbitrary server as well and fetch any data from

I think this disproportion should be fixed. I can see two approaches:

1. The other option would be to drop AllowArbitraryServer completely as
right now it really does not bring any security.

2. Make AllowArbitraryServer really work as expected:
- Make AllowArbitraryServer enabled by default. I don't think the risk
  is too big and many people would use this feature.
- If AllowArbitraryServer is set to false, disallow synchronization
  with arbitrary server as well.

But maybe I'm missing some other possibility. Comments?

	Michal Čihař | http://cihar.com | http://blog.cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20110128/8a116cf4/attachment.sig>

More information about the Developers mailing list