On Tue, April 6, 2010 17:11, Olaf van der Spek wrote:
> On 2-4-2010 15:38, Michal Čihař wrote:
>>> I'd rather not have to do that.
>>
>> There is no way around - Suhosin imposes limits on lengths of request,
>> its content and lengths of variables. Depending on your tables you can
>> be easily hit by those limits.
>>
>> For example if you edit more rows at once, you can easily hit limit of
>> 200 variables per request - each column uses 4 variables (name,
>> function, null, value) which gives you at most 50 fields you can edit at
>> once (it is actually less because there are also some administrative
>> fields required to know which table you're updating and so on).
>
> In that case, shouldn't Suhosin be disabled by default?

I don't think so. PHP in Debian is of wider use than phpMyAdmin alone, so
if phpMyAdmin has issues with Suhosin it doesn't naturally follow that all
of Suhosin should be disabled. There are many PHP applications both inside
and outside of Debian; web application security has a significant impact
on the web today and having Suhosin by default can provide a positive
contribution to web application security.

As for the impact of Suhosin on phpMyAdmin performance, this is limited to
only certain operations, most notably when working with large tables that
have no primary key. I have not encountered any problems myself when
working with phpMyAdmin in different contexts all running with Suhosin.

Finally, it's possible to change the specific Suhosin settings that
phpMyAdmin has a problem with. So it's definitely not needed to remove or
disable Suhosin to be able to work with phpMyAdmin.

Michal, perhaps the phpMyAdmin FAQ item that the warning refers to can be
augmented with which parameters to change?


cheers,
Thijs


