
Stefan Hinz wrote on Friday, 17 August 2001, 21:28:54:

> It's not secure, though
> (http://www.securereality.com.au/studyinscarlet.txt), so make sure to
> protect the directory it's "installed" in with .htaccess when running it
> on a public server.

To make a long story short: don't trust user input.

It took me quite some time to read through all this stuff. In the
end, it is exactly as one of the quotes says:

"You know a conjuror gets no credit when once he has explained
his trick and if I show you too much of my method of working, you
will come to the conclusion that I am a very ordinary individual
after all" - Sherlock Holmes

So all you have to do to make your phpMyAdmin invulnerable is to
change 2 types of lines in 7 instances in 2 files, see:

http://www.securereality.com.au/patches/phpMyAdmin-SecureReality.diff

In particular, these are:

-    if(file_exists($goto))
+    if(file_exists("./$goto"))
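Review bot: prefixing "./" in the file_exists() check only pins the lookup to a relative path; it does not by itself stop a $goto value that still contains "../", because "./../x" is still a valid relative path. The traversal protection in this patch therefore rests entirely on the dot-collapsing in the include() hunk, so the two lines should be kept in sync (apply the same normalisation before file_exists(), or better, check $goto against the list of pages the application actually links to).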

-    include($goto);
+    include(preg_replace('/\.\.*/', '.', $goto));
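Review bot: the pattern '/\.\.*/' matches one dot followed by any further dots, so every run of dots collapses to a single dot and ".." can no longer appear; that blocks parent-directory traversal, but include() still receives whatever file name the request supplied, only normalised. A stricter fix is to compare $goto against an allow-list of anticipated targets and include only a list entry; as a style point, '/\.{2,}/' expresses "two or more dots" directly and leaves single dots (as in "main.php") untouched instead of rewriting them to themselves.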

With respect to general security, this is of interest also, in
case you don't know it already:

http://www.devshed.com/Server_Side/Administration/WebSecurityI/

With respect to trusted data, Koehntopp talks about it in the
article "webtuning":

http://www.koehntopp.de/kris/artikel/webtune/

(German, not translated yet; try
http://fets3.freetranslation.com:5081/?Language=German%2FEnglish&Url=http%3A%2F%2Fwww.koehntopp.de%2Fkris%2Fartikel%2Fwebtune%2F&Sequence=core
Machine translations are sometimes fine, but often
incomprehensible; it seems like much work is left to be done there.
His point is that _nothing_ coming from out there should be
trusted, and everything should be checked against anticipated input.)


-- 
Kind regards
Werner Stuerenburg

_________________________________________________
ISIS Verlag, Teut 3, D-32683 Barntrup-Alverdissen
Tel 0(049) 5224-997 407 · Fax 0(049) 5224-997 409
http://pferdezeitung.de
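The "check against anticipated input" point above, as an added PHP example that is not from this mail or from phpMyAdmin: the patch's dot-collapsing is shown beside an allow-list check that only includes a page the application itself names. The function names and the list of page names are assumptions.

```php
<?php
// Added example, not phpMyAdmin code. Two ways of handling a user-supplied
// "goto" target: normalising it (the quoted patch) versus allow-listing it.

// The exact regex from the quoted patch: every run of dots collapses to one
// dot, so "../" becomes "./" and parent-directory traversal is neutralised.
function collapse_dots($goto) {
    return preg_replace('/\.\.*/', '.', $goto);
}

// Allow-list approach: the request may only pick a name the application
// already links to, and the included path is built from the list entry,
// never from the raw request value.
function safe_goto($goto, array $allowed) {
    // basename() drops any directory component ("../x" -> "x"); the strict
    // exact-match check then rejects anything not on the list.
    $name = basename($goto);
    return in_array($name, $allowed, true) ? './' . $name : null;
}

// Assumed page names; a real deployment lists the pages it actually links to.
$allowed_goto = array('main.php', 'db_details.php', 'tbl_properties.php');

// Constructed sample inputs: one legitimate target, two traversal attempts.
$samples = array('main.php', '../../outside.txt', 'tbl_properties.php/../../x');
foreach ($samples as $s) {
    printf("%-28s collapse_dots=%-24s safe_goto=%s\n",
        $s, collapse_dots($s), var_export(safe_goto($s, $allowed_goto), true));
}
// Only 'main.php' yields a path ('./main.php'); the other two return NULL,
// while collapse_dots() merely rewrites them to './' forms and still includes.
```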
