I would like to see an option in the configuration
files to fully remove phpMyAdmin and MySQL version
information from the GUI and the created exported files.
It is part of my security concept to NOT show anything
like that to outside users.
Sorry, but I really don't see any sense in your request.
First of all, I did not understand why it is more secure not to
display MySQL / phpMyAdmin version information.
If someone could really do harmful stuff with that information,
he / she / it could still retrieve the MySQL version by typing
SELECT VERSION();
into the SQL query box. This isn't really a big secret.
We could make the parser blocking the VERSION function, but
this would be to complicated for this senseless purpose.
If you really want to hide the version numbers I'd suggest you
to hack the phpMyAdmin / MySQL code manually so that they
return junk when being asked for a version number.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I must agree with rabus. If you really want security through
obscurity, you are advised to take the sources of PHP,
phpMyAdmin and MySQL, fake their version string and compile
the sources.
phpMyAdmin stores its version number only in the
libraries/defines_php.lib.php file (and the documentation)
and can easily be adjusted by you.
MySQL also stores its version number in a central file, same
with PHP.
There will always be ways to get to the version number using
various commands. If you want total 'security' (which is why
you posted the request) there is no other way than to fake
version numbers, as it is the only reliable way.
Regards,
Garvin.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
What I find scary is when you are trying to log into php my
admin it says Welcome to phpMyAdmin 2.5.6-rc2 - Login
This shows any one wanting to get into phpMyAdmin, even
before they get in what version it is in PLAIN TEXT.
Brendan
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Logged In: YES
user_id=473563
Maybe you would like to contribute a patch for that? :-)
Logged In: YES
user_id=240337
Now if I only was a programmer ;)
Logged In: YES
user_id=418833
Sorry, but I really don't see any sense in your request.
First of all, I did not understand why it is more secure not to
display MySQL / phpMyAdmin version information.
If someone could really do harmful stuff with that information,
he / she / it could still retrieve the MySQL version by typing
SELECT VERSION();
into the SQL query box. This isn't really a big secret.
We could make the parser blocking the VERSION function, but
this would be to complicated for this senseless purpose.
If you really want to hide the version numbers I'd suggest you
to hack the phpMyAdmin / MySQL code manually so that they
return junk when being asked for a version number.
Logged In: YES
user_id=240337
No problem, it was just a suggestion :) I know views may
vary on this.
Logged In: YES
user_id=473563
I must agree with rabus. If you really want security through
obscurity, you are advised to take the sources of PHP,
phpMyAdmin and MySQL, fake their version string and compile
the sources.
phpMyAdmin stores its version number only in the
libraries/defines_php.lib.php file (and the documentation)
and can easily be adjusted by you.
MySQL also stores its version number in a central file, same
with PHP.
There will always be ways to get to the version number using
various commands. If you want total 'security' (which is why
you posted the request) there is no other way than to fake
version numbers, as it is the only reliable way.
Regards,
Garvin.
Logged In: YES
user_id=722829
What I find scary is when you are trying to log into php my
admin it says Welcome to phpMyAdmin 2.5.6-rc2 - Login
This shows any one wanting to get into phpMyAdmin, even
before they get in what version it is in PLAIN TEXT.
Brendan