From 4e540cb43ee4dde2cce1255b9fc44f0cbee4289a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= Date: Wed, 23 Nov 2005 19:17:25 +0000 Subject: [PATCH] Recommend disabling access to libraries folder. --- ChangeLog | 1 + Documentation.html | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1942119fc..94e27f9c1 100755 --- a/ChangeLog +++ b/ChangeLog @@ -64,6 +64,7 @@ $Source$ libraries/display_tbl_links.lib.php, test/theme.php: Move javascript stuff out of libraries folder. * libraries/.htaccess: Deny access to libraries folder over HTTP. + * Documentation.html: Recommend disabling access to libraries folder. 2005-11-22 Sebastian Mendel * added test/theme.php: for testing themes diff --git a/Documentation.html b/Documentation.html index 542cd2df4..5f0af5d7e 100755 --- a/Documentation.html +++ b/Documentation.html @@ -183,6 +183,12 @@ in your browser. phpMyAdmin should now display a welcome screen and your databases, or a login dialog if using HTTP or cookie authentication mode. +
  • You should deny access to libraries subfolder in your webserver + configuration. For Apache you can use supplied .htaccess file in that + folder, for other webservers, you should configure this yourself. + Such configuration prevents from possible path expossure and cross + side scripting vulnerabilities that might happen to be found in that + code.
  • Linked-tables infrastructure
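Review bot: In the Documentation.html hunk, the last sentence of the added list item has two wording errors: "expossure" should be "exposure" and "cross side scripting" should be "cross-site scripting". "prevents from possible" would also read better as "protects against possible". Separately, the sentence "For Apache you can use supplied .htaccess file in that folder" should say that Apache only honors that file when AllowOverride permits it for the directory. With AllowOverride None the deny rule is silently ignored. It would also help to tell the reader to confirm the result by requesting a file under libraries/ and checking that the server refuses it.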