On 10/16/07, Thijs Kinkhorst <[EMAIL PROTECTED]> wrote: > > I agree with Stephen here. This is expected behaviour of phpmyadmin and > anyone installing it knowingly opens up local access to their database > from Apache, as that is exactly the point of the package. phpMyAdmin warns
Hmm, ok, I agree at this point. Considering the case of squid package that can also allow remote host to connect to local apache (by sending the query like http://127.0.0.1/ as a url request to squid proxy). Even if apache is configured to allow only local access, but squid (installed on the same machine) can simply break that policy. Yes, this is the expected behavior of squid proxy. However, the default setting of debian squid package, is to allow only local access to the squid itself. Can we say that, this setting of squid package is to make it "secure by default"? If squid config allow remote access by default (so it can compromise the security policy of the local webserver), this will be considered "non-secure by default"? For phpmyadmin to be secure by default, like in squid package, it may have the config "/etc/phpmyadmin/htaccess" be setup like this (to allow only localhost access), #Order allow,deny #Allow from all order deny,allow deny from all allow from 127.0.0.0/255.0.0.0 This will be good for anyone who want to install phpmyadmin for just a local frontend for MySQL, not for remote frontend. The users have to reconfig this by themselves, to allow remote access, assuming that they know what they do and know the expected behavior of phpmyadmin. Now, my patch is just a wishlist, as an option for the users, if they wish to allow remote access, by not compromising the MySQL security policy. However, with my patch, it doesn't mean that it won't compromise MySQL security policy at all. Remember that the default setting of debian MySQL package, does listen for the connection from only local unix socket. It does NOT listen on any tcp socket, so that no client can connect to MySQL from remote host. By allowing remote access in phpmyadmin, will also compromise this default security policy. > you clearly if you have no root password set for MySQL to help avoid the > most blatant holes. > > That MySQL does not set a root password on initial install is a debatable > issue but it seems to be a design decision by MySQL. > > I'll investigate the patch later to see whether we can do something useful > with it, thanks. But it's not a security issue so I'm marking the bug > appropriately. > > > Thijs > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
