The only issue I see and maybe why they'd disable it is so you don't do a
crazy join that ends up returning 8 billion rows. But they should be
able to manage that with query execution time timeouts or something and
you can do the same thing with bad implied inner joins in the WHERE
clause anyway.. but maybe it's harder to detect that and block it.
----- Original Message -----
From: Chris <dmagick@gmail.com>
To: Ben Hubbell <spam@benhubbell.com>
Cc: php-db@lists.php.net
Date: Mon, 01 Mar 2010 09:01:43 +1100
Subject: Re: [PHP-DB] Are join queries in phpMyAdmin a security hazard?
> Ben Hubbell wrote:
> > Hello,
> >
> > My web host does not have join queries in phpMyAdmin enabled. My web
> > host is inexpensive, but their commitment to costumer service is
> > inconsistent. They often dismiss bug reports as feature requests.
> >
> > When pressed to enable join queries in phpMyAdmin several years ago, my
> > web host stated that join queries in phpMyAdmin were a security hazard.
> > Do you know if such a security hazard exists?
>
> I've never used phpmyadmin as a query builder - can you really disable
> joins in there? Wow.
>
> No way they are a security hazard.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
|