Hi Bernd,

> phpmyadmin uses eval to evaluate the contents of a config file.

Indeed.

> * it's the last web application that stops me from adding
> suhosin.executor.disable_eval = On to my php config.
>
> Would be great if there would be a better implementation in the next
> version, in favour of better security.

I can take this up with upstream, but I'm not yet convinced by your argument that it's "evil" and "insecure": can you provide a concrete example of a security issue with this code, and a method to include the configuration that would resolve it? That would help me convince upstream.

thanks
Thijs

