path: root/databases/phpmyadmin/files/pkg-message.in
author: Xin LI <delphij@FreeBSD.org> 2011-12-23 09:00:42 +0000
committer: Xin LI <delphij@FreeBSD.org> 2011-12-23 09:00:42 +0000
commit: 5233080d96999415a2bdc2377f6eb51e6249ee69 (patch)
tree: a3192a063aebbac39a2dc7b2571573862984951b /databases/phpmyadmin/files/pkg-message.in
parent: 16c484bc17c7563336237c1bf279c07b9b7eb4c1 (diff)
Add advice to users who install phpMyAdmin that it's better to
protect it with an additional layer.
Approved by: maintainer
Notes: svn path=/head/; revision=287913
Diffstat (limited to 'databases/phpmyadmin/files/pkg-message.in')
1 files changed, 8 insertions, 0 deletions
diff --git a/databases/phpmyadmin/files/pkg-message.in b/databases/phpmyadmin/files/pkg-message.in
index 152f150c8762..746af63a5999 100644
--- a/databases/phpmyadmin/files/pkg-message.in
+++ b/databases/phpmyadmin/files/pkg-message.in
@@ -19,3 +19,11 @@ that you add something like the following to httpd.conf:
Allow from .example.com
+SECURITY NOTE: phpMyAdmin is an administrative tool that has had several
+remote vulnerabilities discovered in the past, some allowing remote
+attackers to execute arbitrary code with the web server's user credential.
+All known problems have been fixed, but the FreeBSD Security Team strongly
+advises that any instance be protected with an additional protection layer,
+e.g. a different access control mechanism implemented by the web server
+as shown in the example. Do consider enabling phpMyAdmin only when it
+is in use.
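Review bot: The phrase "as shown in the example" in the added note does not say which example; the only one visible is the httpd.conf snippet ending in "Allow from .example.com" that precedes the note, so "as shown in the example above" would remove the ambiguity. In the first sentence, "with the web server's user credential" would read more precisely as "with the privileges of the web server user". The closing sentence, "Do consider enabling phpMyAdmin only when it is in use", gives the reader nothing to act on; one more clause pointing at the httpd.conf block this message already asks them to add (for instance, removing or commenting it out when phpMyAdmin is not needed) would make the advice concrete.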