author | delphij <delphij@FreeBSD.org> | 2011-12-23 17:00:42 +0800 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2011-12-23 17:00:42 +0800 |
commit | 42f4cf77e16e8f5e5b703863e1e30180c75d8224 (patch) | |
tree | 467990c75a83e3ee34368a0417568e32c546c17f /databases | |
parent | 5dd196256afb15fb774b07f4334e8ae79da8e66f (diff) | |
Add advice to users who install phpMyAdmin that it's better to
protect it with an additional layer.
Approved by: maintainer
Diffstat (limited to 'databases')
-rw-r--r-- | databases/phpmyadmin/files/pkg-message.in | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/databases/phpmyadmin/files/pkg-message.in b/databases/phpmyadmin/files/pkg-message.in index 152f150c8762..746af63a5999 100644 --- a/databases/phpmyadmin/files/pkg-message.in +++ b/databases/phpmyadmin/files/pkg-message.in @@ -19,3 +19,11 @@ that you add something like the following to httpd.conf: Allow from 127.0.0.1 .example.com </Directory> +SECURITY NOTE: phpMyAdmin is an administrative tool that has had several +remote vulnerabilities discovered in the past, some allowing remote +attackers to execute arbitrary code with the web server's user credential. +All known problems have been fixed, but the FreeBSD Security Team strongly +advises that any instance be protected with an additional protection layer, +e.g. a different access control mechanism implemented by the web server +as shown in the example. Do consider enabling phpMyAdmin only when it +is in use. |
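Review bot: in the added SECURITY NOTE, "as shown in the example" does not say which example is meant. The only one visible in this hunk is the `<Directory>` block in the context lines directly above, ending in `Allow from 127.0.0.1 .example.com`, so "as shown in the example above" would remove the ambiguity. That example is host-based access control, and the note asks for "a different access control mechanism", so it is worth making clear whether the `Allow from` rule is itself the recommended extra layer or only the starting point. Two smaller wording points: "with the web server's user credential" would read better as "with the privileges of the web server user", and the closing sentence "Do consider enabling phpMyAdmin only when it is in use" gives the reader no hint of how to disable it between uses, so a short pointer to the intended way of doing that would make the advice actionable.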