Are join queries in phpMyAdmin a security hazard?

Hello,

My web host does not have join queries in phpMyAdmin enabled. My web
host is inexpensive, but their commitment to costumer service is
inconsistent. They often dismiss bug reports as feature requests.

When pressed to enable join queries in phpMyAdmin several years ago, my
web host stated that join queries in phpMyAdmin were a security hazard.
Do you know if such a security hazard exists?

Regards,

Ben

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Are join queries in phpMyAdmin a security hazard?

No more so than in any other SQL query

Bastien

Sent from my iPod

On Feb 27, 2010, at 9:52 PM, Ben Hubbell wrote:

> Hello,
>
> My web host does not have join queries in phpMyAdmin enabled. My web
> host is inexpensive, but their commitment to costumer service is
> inconsistent. They often dismiss bug reports as feature requests.
>
> When pressed to enable join queries in phpMyAdmin several years ago,
> my web host stated that join queries in phpMyAdmin were a security
> hazard. Do you know if such a security hazard exists?
>
> Regards,
>
> Ben
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Are join queries in phpMyAdmin a security hazard?

Ben Hubbell wrote:
> Hello,
>
> My web host does not have join queries in phpMyAdmin enabled. My web
> host is inexpensive, but their commitment to costumer service is
> inconsistent. They often dismiss bug reports as feature requests.
>
> When pressed to enable join queries in phpMyAdmin several years ago, my
> web host stated that join queries in phpMyAdmin were a security hazard.
> Do you know if such a security hazard exists?

I've never used phpmyadmin as a query builder - can you really disable
joins in there? Wow.

No way they are a security hazard.

--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Are join queries in phpMyAdmin a security hazard?

The only issue I see and maybe why they'd disable it is so you don't do a
crazy join that ends up returning 8 billion rows. But they should be
able to manage that with query execution time timeouts or something and
you can do the same thing with bad implied inner joins in the WHERE
clause anyway.. but maybe it's harder to detect that and block it.

----- Original Message -----
From: Chris
To: Ben Hubbell
Cc: php-db@lists.php.net
Date: Mon, 01 Mar 2010 09:01:43 +1100
Subject: Re: [PHP-DB] Are join queries in phpMyAdmin a security hazard?

> Ben Hubbell wrote:
> > Hello,
> >
> > My web host does not have join queries in phpMyAdmin enabled. My web
> > host is inexpensive, but their commitment to costumer service is
> > inconsistent. They often dismiss bug reports as feature requests.
> >
> > When pressed to enable join queries in phpMyAdmin several years ago, my
> > web host stated that join queries in phpMyAdmin were a security hazard.
> > Do you know if such a security hazard exists?
>
> I've never used phpmyadmin as a query builder - can you really disable
> joins in there? Wow.
>
> No way they are a security hazard.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php