I am curious to know why Adminer needs access to http://www.adminer.org/static/jush.css and what data it is downloading or uploading? It is good software, but what happens if someone does a successful redirect attack to the URL mentioned above?
JUSH is used for syntax highlighting SQL queries and linking variables and status help. It is accessed through HTTPS if Adminer runs on HTTPS.
You can load JUSH from a different location by assigning the JS variable jushRoot in the customization, or disable it completely by setting this variable to false.
There are all types of security concerns with this software, starting with the fact that it makes outside connections and that it isn't open source. I would steer clear of this thing until the code is made open in accordance with the GPL it is released under.
Well, withfusion must have fizzled. This project IS open source, as that is what SourceForge is all about. :-D
…and of course it makes "outside connections", how else can one admin without network connectivity ?!?!
No, I'm not fizzled. Show me one single file in this entire project that is encrypted. The downloaded file, the files available on SourceForge, all of them are encrypted. For what reason I have NO idea, but there you have it.
* that isn't encrypted
In the source code zip file, found here:
The code is fully open sourced, you can find it e.g. at GitHub or here at SourceForge. The single-file version is minified, not encrypted. The minifier is part of the project. You may not use it at all or build the minified version by yourself if you don't trust the distribution packages.
You can use the version-noverify plugin to disable the version checker, and you can set the jushRoot variable to disable external syntax highlighting. This disables all external connections.