#419 fully remove version information

invalid
1
2015-02-07
2003-11-25
No

I would like to see an option in the configuration
files to fully remove phpMyAdmin and MySQL version
information from the GUI and the created exported files.

It is part of my security concept to NOT show anything
like that to outside users.

Discussion

  • Garvin Hicking

    Garvin Hicking - 2003-11-25

    Logged In: YES
    user_id=473563

    Maybe you would like to contribute a patch for that? :-)

     
  • Florian Effenberger

    Logged In: YES
    user_id=240337

    Now if I only was a programmer ;)

     
  • Alexander M. Turek

    • milestone: 284147 -->
    • assigned_to: nobody --> rabus
     
  • Alexander M. Turek

    Logged In: YES
    user_id=418833

    Sorry, but I really don't see any sense in your request.

    First of all, I did not understand why it is more secure not to
    display MySQL / phpMyAdmin version information.
    If someone could really do harmful stuff with that information,
    he / she / it could still retrieve the MySQL version by typing

    SELECT VERSION();

    into the SQL query box. This isn't really a big secret.
    We could make the parser blocking the VERSION function, but
    this would be to complicated for this senseless purpose.

    If you really want to hide the version numbers I'd suggest you
    to hack the phpMyAdmin / MySQL code manually so that they
    return junk when being asked for a version number.

     
  • Florian Effenberger

    Logged In: YES
    user_id=240337

    No problem, it was just a suggestion :) I know views may
    vary on this.

     
  • Garvin Hicking

    Garvin Hicking - 2003-11-25
    • priority: 5 --> 1
    • status: open --> closed-rejected
     
  • Garvin Hicking

    Garvin Hicking - 2003-11-25

    Logged In: YES
    user_id=473563

    I must agree with rabus. If you really want security through
    obscurity, you are advised to take the sources of PHP,
    phpMyAdmin and MySQL, fake their version string and compile
    the sources.

    phpMyAdmin stores its version number only in the
    libraries/defines_php.lib.php file (and the documentation)
    and can easily be adjusted by you.

    MySQL also stores its version number in a central file, same
    with PHP.

    There will always be ways to get to the version number using
    various commands. If you want total 'security' (which is why
    you posted the request) there is no other way than to fake
    version numbers, as it is the only reliable way.

    Regards,
    Garvin.

     
  • Brendan

    Brendan - 2004-02-25

    Logged In: YES
    user_id=722829

    What I find scary is when you are trying to log into php my
    admin it says Welcome to phpMyAdmin 2.5.6-rc2 - Login
    This shows any one wanting to get into phpMyAdmin, even
    before they get in what version it is in PLAIN TEXT.

    Brendan

     
  • Michal Čihař

    Michal Čihař - 2013-06-11
    • Status: closed-rejected --> invalid
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks