From: Ben Hubbell on 27 Feb 2010 21:52 Hello, My web host does not have join queries in phpMyAdmin enabled. My web host is inexpensive, but their commitment to costumer service is inconsistent. They often dismiss bug reports as feature requests. When pressed to enable join queries in phpMyAdmin several years ago, my web host stated that join queries in phpMyAdmin were a security hazard. Do you know if such a security hazard exists? Regards, Ben
From: Phpster on 27 Feb 2010 23:48 No more so than in any other SQL query Bastien Sent from my iPod On Feb 27, 2010, at 9:52 PM, Ben Hubbell <spam(a)benhubbell.com> wrote: > Hello, > > My web host does not have join queries in phpMyAdmin enabled. My web > host is inexpensive, but their commitment to costumer service is > inconsistent. They often dismiss bug reports as feature requests. > > When pressed to enable join queries in phpMyAdmin several years ago, > my web host stated that join queries in phpMyAdmin were a security > hazard. Do you know if such a security hazard exists? > > Regards, > > Ben > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
From: Chris on 28 Feb 2010 17:01 Ben Hubbell wrote: > Hello, > > My web host does not have join queries in phpMyAdmin enabled. My web > host is inexpensive, but their commitment to costumer service is > inconsistent. They often dismiss bug reports as feature requests. > > When pressed to enable join queries in phpMyAdmin several years ago, my > web host stated that join queries in phpMyAdmin were a security hazard. > Do you know if such a security hazard exists? I've never used phpmyadmin as a query builder - can you really disable joins in there? Wow. No way they are a security hazard. -- Postgresql & php tutorials http://www.designmagick.com/
From: "TG" on 28 Feb 2010 18:49 The only issue I see and maybe why they'd disable it is so you don't do a crazy join that ends up returning 8 billion rows. But they should be able to manage that with query execution time timeouts or something and you can do the same thing with bad implied inner joins in the WHERE clause anyway.. but maybe it's harder to detect that and block it. ----- Original Message ----- From: Chris <dmagick(a)gmail.com> To: Ben Hubbell <spam(a)benhubbell.com> Cc: php-db(a)lists.php.net Date: Mon, 01 Mar 2010 09:01:43 +1100 Subject: Re: [PHP-DB] Are join queries in phpMyAdmin a security hazard? > Ben Hubbell wrote: > > Hello, > > > > My web host does not have join queries in phpMyAdmin enabled. My web > > host is inexpensive, but their commitment to costumer service is > > inconsistent. They often dismiss bug reports as feature requests. > > > > When pressed to enable join queries in phpMyAdmin several years ago, my > > web host stated that join queries in phpMyAdmin were a security hazard. > > Do you know if such a security hazard exists? > > I've never used phpmyadmin as a query builder - can you really disable > joins in there? Wow. > > No way they are a security hazard. > > -- > Postgresql & php tutorials > http://www.designmagick.com/ > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
|
Pages: 1 Prev: Little Direction Please Next: 64-bit Linux -- Fatal ... undefined function mysql_connect() |