earth tech

[software and hardware technology originating from or otherwise pertinent to planet earth]

use these buttons to share this blog on portal sites:

Add to Google
Connect with Facebook

Saturday, March 14, 2009

 

Suhosin Warning from phpMyAdmin

http://wiki.cihar.com/pma/FAQ_1.38

Overview

After installing MySQL, Apache2, and phpMyAdmin on an OpenSuSE 11.0 LAN server, phpMyAdmin (pma) shows two warnings on its main page.

The first regards the MySQL root user not having a password set, and telling us to configure MySQL. This problem was resolved peacefully and without incident by the simple expedient of opening the mysql.user table for edit (using phpMyAdmin — we are root, after all — and according to the warning…) and adding a password to the root account for access from both localhost and sturgeon [sturgeon being the host name].

The second is regarding something about potential problems with something called "Suhosin".

Suhosin

Suhosin, as it turns out, is a [software] "system" for "hardening" PHP installations against buffer overflows and other nasties both known and unknown — generally speaking, it sounds like something that we want to have installed on our [about to be] publicly accessible server.

The phpMyAdmin FAQ # 1.38 is quoted here:

1.38 Can I use phpMyAdmin on a server on which Suhosin is enabled?

Yes but the default configuration values of Suhosin are known to cause problems with some operations, for example editing a table with many columns and no primary key. Tuning information is available at http://www.hardened-php.net/hphp/troubleshooting.html, although the parameter names have changed (suhosin instead of hphp). See also the SuhosinDisableWarning directive.

Note that the information regarding the parameter names used in the parameter names &mdash I.E. Use [read] suhosin instead of hphp in the Hardened-PHP Project – PHP Security – Troubleshooting page [ http://www.hardened-php.net/hphp/troubleshooting.html] is not shown on the other pages referenced when one follows the link(s).

That means that the following passage from

The settings you need to adjust are:

… it then goes on to say: 

Additionally you might want to change the following settings because phpMyAdmin is an administrative backend and might needs many POST variables and the user might trigger SQL errors

Labels: , , ,

posted by pd wilson   #   19:57




<< Home

Archives

2006/12   2007/01   2007/05   2007/06   2007/07   2007/08   2007/10   2008/01   2008/02   2008/03   2008/05   2008/11   2008/12   2009/01   2009/02   2009/03   2009/04   2009/05   2009/07   2009/09   2009/10   2009/11  

This page is powered by Blogger. Isn't yours?

Subscribe to Posts [Atom]