[Phpmyadmin-devel] AllowArbitraryServer and synchronisation
michal at cihar.com
Mon Jan 31 16:19:49 CET 2011
On Fri, 28 Jan 2011 11:33:32 -0500
Marc Delisle <marc at infomarc.info> wrote:
> Michal Čihař wrote:
> > Hi all
> > for security reasons we have chosen AllowArbitraryServer to be disabled
> > by default. On the other hand, we have the synchronization feature, which
> > allows connecting to an arbitrary server as well and fetching any data from
> > it.
> > I think this disproportion should be fixed. I can see two approaches:
> > 1. The other option would be to drop AllowArbitraryServer completely as
> > right now it really does not bring any security.
> I'm not in favor.
> > 2. Make AllowArbitraryServer really work as expected:
> > - Make AllowArbitraryServer enabled by default. I don't think the risk
> > is too big and many people would use this feature.
> I'm also not in favor, because of the increased risk. By doing so by
> default we open the door to access (or try to access) any MySQL server
> reachable by this web server.
> I also don't like the extra "Server" question that this would bring.
> > - If AllowArbitraryServer is set to false, disallow synchronization
> > with arbitrary server as well.
> I am in favor of this suggestion.
As there are no other comments to this, I've filed bug #3168733 to
track this problem.
Michal Čihař | http://cihar.com | http://blog.cihar.com