[Phpmyadmin-devel] Redirecting external links

Dieter Adriaenssens dieter.adriaenssens at gmail.com
Mon Jan 31 16:23:03 CET 2011


2011/1/31 Michal Čihař <michal at cihar.com>:
> Hi
> Dne Mon, 31 Jan 2011 15:51:59 +0100
> Dieter Adriaenssens <dieter.adriaenssens at gmail.com> napsal(a):
>> Would it be default behaviour to redirect through phpmyadmin.net, or
>> is at an option?
> Probably as an option (enabled by default if phpMyAdmin is not using
> SSL).
>> What if phpmyadmin.net is unavailable (down, or not reachable by the
>> network where a local version of pma is installed), will links in PMA
>> not work?
> Exactly this is a problem I see as well.
>> If an external redirector is used, isn't the Referer sent with the
>> HTTP request header, traveling the internet in cleartext?
> Yes. Anyway currently almost all outgoing links are HTTP, so the
> information does travel unencrypted as well. The advantage would be
> that it is not available to others as easily as now (referer is stored
> in web server logs, processed by statistic tools such as Google
> Analytics and so on).

I just don't like the idea that for using my local version of PMA I
would need an external server to be available.
If I'm not mistaken, every click would be redirected through the
external site? If there is a slow connection with the external
redirector, it will slow down using your local version of PMA.

This causes a lot of (unencrypted) traffic going to the external
server and back, while without the external redirector, only the
outgoing links might contain sensitive info that leaves your network.
(This of course doesn't apply when you access PMA on a remote website,
then everything is sent over the internet anyway)

And about Google Analytics, it only applies if you installed it on
your site (which is not trivial/'out of the box'), and it gets the
Referer immediately, not by analysing the web server logs (but you
where refering to other tools, I guess ;) )

I'm just wondering if using the redirector-thing is not introducing
more problems than it solves? Wouldn't it be a better idea to keep the
url clean? I realise this is not always easy to do, and probably near
impossible when sessions are not allowed on a web browsing client.

Kind regards,


> --
>        Michal Čihař | http://cihar.com | http://blog.cihar.com
> ------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
> _______________________________________________
> Phpmyadmin-devel mailing list
> Phpmyadmin-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel


Dieter Adriaenssens

More information about the Developers mailing list