aboutsummaryrefslogtreecommitdiff
path: root/databases/phpmyadmin-devel/files/pkg-message.in
diff options
context:
space:
mode:
Diffstat (limited to 'databases/phpmyadmin-devel/files/pkg-message.in')
-rw-r--r--databases/phpmyadmin-devel/files/pkg-message.in48
1 files changed, 48 insertions, 0 deletions
diff --git a/databases/phpmyadmin-devel/files/pkg-message.in b/databases/phpmyadmin-devel/files/pkg-message.in
new file mode 100644
index 000000000000..c59745d76ae7
--- /dev/null
+++ b/databases/phpmyadmin-devel/files/pkg-message.in
@@ -0,0 +1,48 @@
+[
+{ type: install
+ message: <<EOM
+%%PKGNAME%% has been installed into:
+
+ %%WWWDIR%%
+
+Please edit config.inc.php to suit your needs.
+
+To make phpMyAdmin available through your web site, I suggest
+that you add something like the following to httpd.conf:
+
+For Apache versions earlier than 2.4:
+
+ Alias /phpmyadmin/ "%%WWWDIR%%/"
+
+ <Directory "%%WWWDIR%%/">
+ Options none
+ AllowOverride Limit
+
+ Order Deny,Allow
+ Deny from all
+ Allow from 127.0.0.1 .example.com
+ </Directory>
+
+For Apache version 2.4.x or above:
+
+ Alias /phpmyadmin/ "%%WWWDIR%%/"
+
+ <Directory "%%WWWDIR%%/">
+ Options None
+ AllowOverride Limit
+
+ Require local
+ Require host .example.com
+ </Directory>
+
+SECURITY NOTE: phpMyAdmin is an administrative tool that has had several
+remote vulnerabilities discovered in the past, some allowing remote
+attackers to execute arbitrary code with the web server's user credential.
+All known problems have been fixed, but the FreeBSD Security Team strongly
+advises that any instance be protected with an additional protection layer,
+e.g. a different access control mechanism implemented by the web server
+as shown in the example. Do consider enabling phpMyAdmin only when it
+is in use.
+EOM
+}
+]