more security (compared to phpMyAdmin)?

gmoni
2012-11-15
2013-06-06
  • gmoni
    2012-11-15

    I am curious to know why Adminer needs to access http://www.adminer.org/static/jush.css and what data it is downloading or uploading. It is good software, but what happens if someone does a successful redirect attack to the URL mentioned above?

     
  • Jakub Vrána
    2012-11-17

    JUSH is used for syntax highlighting SQL queries and linking variables and status help. It is accessed through HTTPS if Adminer runs on HTTPS.

    You can load JUSH from a different location by assigning the JS variable jushRoot in the customization, or disable it completely by setting this variable to false.

     
  • With Fusion
    2013-06-04

    There are all types of security concerns with this software, starting with the fact that it makes outside connections and that it isn't open source. I would steer clear of this thing until the code is made open in accordance with the GPL it is released under.

     
  • Paul
    2013-06-05

    Well, withfusion must have fizzled. This project IS open source, as that is what SourceForge is all about. :-D

    …and of course it makes "outside connections", how else can one admin without network connectivity ?!?!

     
  • With Fusion
    2013-06-05

    No I'm not fizzled. Show me one single file in this entire project that is encrypted. The downloaded file, the files available on Sourceforge, all of them are encrypted. For what reason I have NO idea, but there you have it.

     
  • With Fusion
    2013-06-05

    * that isn't encrypted

     
  • Jakub Vrána
    2013-06-05

    The code is fully open sourced, you can find it e.g. at GitHub or here at SourceForge. The single-file version is minified, not encrypted. The minifier is part of the project. You may not use it at all or build the minified version by yourself if you don't trust the distribution packages.

    You can use the version-noverify plugin to disable the version checker, and you can set the jushRoot variable to disable external syntax highlighting. This disables all external connections.