Hi Dne Wed, 12 Jun 2013 20:41:41 -0400 Filipus Klutiero <chea...@gmail.com> napsal(a):
> Hehe, me too ;-)
> I thought about this when reporting, but ended up writing nothing because:
>
> * I'm not sure why we use the current authorization process
> * I'm not much knowledgeable in the area anyway
>
> The reason why I imagine config.inc.php is generally not writable by www-data
> is to prevent a compromise of phpMyAdmin caused by an exploit of another web
> application. I don't think making it writable would be /insecure/, since the
> web server isn't supposed to run any code, but I agree the current situation
> is much more secure.
>
> If that's the rationale, I guess the solution would be to isolate phpMyAdmin
> from other applications (for example, by having phpMyAdmin run as a
> "phpmyadmin" user rather than www-data). I see that suPHP allows something
> like that, but I don't know a mature solution doing that :-(
No the problem is how to protect the setup page as you don't want to
have publicly accessible page which can alter your configuration.
Using hardcoded credentials in the script is of course bad idea and
there is no other working authentication at that point. That's why
require some action done on the system both upstream and in Debian
(though it's slightly different).
In Debian we've used debconf to ask for password and configured
webserver to protect the setup script, but it proven to be bad idea as
user is free to choose any server and in case he would choose something
we do not support the setup would be unsecured. Also most people don't
see low priority debconf questions...
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
signature.asc
Description: PGP signature
