Re: PR/35141 CVS commit: pkgsrc/databases/phpmyadmin

To: tron%NetBSD.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost, Wouter Schoot <ascent%schoot.org@localhost>
Subject: Re: PR/35141 CVS commit: pkgsrc/databases/phpmyadmin
From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost>
Date: Mon, 27 Nov 2006 18:15:05 +0000 (UTC)

The following reply was made to PR pkg/35141; it has been noted by GNATS.

From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost>
To: Matthias Scheler <tron%NetBSD.org@localhost>
Cc: NetBSD GNATS <gnats-bugs%NetBSD.org@localhost>
Subject: Re: PR/35141 CVS commit: pkgsrc/databases/phpmyadmin
Date: Mon, 27 Nov 2006 19:13:19 +0100

 On Mon, Nov 27, 2006 at 05:53:30PM +0000, Matthias Scheler wrote:
 > On Mon, Nov 27, 2006 at 05:50:03PM +0000, Joerg Sonnenberger wrote:
 > >  Infact, looking at the content a bit more, I see *no* reason for
 > >  non-default permissions here.
 > 
 > The configuration usually contains the admin password for the MySQL server.
 > So it should be only readable by the webserver user.

 There are at least two different configurations for phpmyadmin: with
 default authentication and without. This applies only to the former
 (which IMO should be discouraged as default). Independent of that, it
 applies only to the mod_php, as e.g. fastcgi allows running PHP as any
 user and the webserver should not have access permissions on the file
 for that case.

 Shall I fill a separate PR for this? :-)

 Joerg

Prev by Date: Re: PR/35141 CVS commit: pkgsrc/databases/phpmyadmin
Next by Date: Re: PR/35141 CVS commit: pkgsrc/databases/phpmyadmin
Previous by Thread: Re: PR/35141 CVS commit: pkgsrc/databases/phpmyadmin
Next by Thread: Re: PR/35141 CVS commit: pkgsrc/databases/phpmyadmin
Indexes:

Home | Main Index | Thread Index | Old Index