Difference between revisions of "PhpMyAdmin"
From OpenEMR Project Wiki
Bradymiller (talk | contribs) |
Bradymiller (talk | contribs) |
||
Line 10: | Line 10: | ||
===Security Patches=== | ===Security Patches=== | ||
:Goal is to keep this version updated by phpmyadmin security patches released here: | :*Goal is to keep this version updated by phpmyadmin security patches released here: | ||
:*http://www.phpmyadmin.net/home_page/security/ | ::*http://www.phpmyadmin.net/home_page/security/ | ||
:First security patch | :*First security patch: | ||
:*http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php (4.0.4.1 patch) | ::*http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php (4.0.4.1 patch) '''(COMPLETED for 4.1.2)''' | ||
::* | :::*FROM (phpmyadmin codebase): | ||
::::*http://github.com/phpmyadmin/phpmyadmin/commit/012464268420e53a9cd81cbb4a43988d70393c36.patch | |||
:::*TO (openemr codebase): | |||
::::*http://github.com/openemr/openemr/commit/23ae06ee46d2c05377b70c9510c1e68b36644aef | |||
===To Be or Not To Be=== | ===To Be or Not To Be=== | ||
:There has been an ongoing debate for several years now whether we should be embedding phpMyAdmin into OpenEMR. Those against phpMyAdmin cite security concerns while those for phpMyAdmin cite practical concerns. Because of the practical concerns, phpMyAdmin will remain embedded in OpenEMR for now (as of version 4.1.2), with the caveat that one can consider removal of the phpmyadmin directory (ie. manually remove phpmyadmin) if a user has any security concerns. This is an ongoing debate, so not sure what the community will decide for future OpenEMR versions. | :There has been an ongoing debate for several years now whether we should be embedding phpMyAdmin into OpenEMR. Those against phpMyAdmin cite security concerns while those for phpMyAdmin cite practical concerns. Because of the practical concerns, phpMyAdmin will remain embedded in OpenEMR for now (as of version 4.1.2), with the caveat that one can consider removal of the phpmyadmin directory (ie. manually remove phpmyadmin) if a user has any security concerns. This is an ongoing debate, so not sure what the community will decide for future OpenEMR versions. |
Revision as of 03:04, 8 July 2013
For versions 4.1.2 and above
Integration into OpenEMR
- Embedded phpMyAdmin was upgraded to 4.0.4. This included:
- Removal of previous phpmyadmin version:
- Addition of stock phpMyAdmin 4.0.4 (All Language version).
- Integration for phpMyAdmin 4.0.4 into OpenEMR
Security Patches
- Goal is to keep this version updated by phpmyadmin security patches released here:
- First security patch:
- http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php (4.0.4.1 patch) (COMPLETED for 4.1.2)
- FROM (phpmyadmin codebase):
- TO (openemr codebase):
To Be or Not To Be
- There has been an ongoing debate for several years now whether we should be embedding phpMyAdmin into OpenEMR. Those against phpMyAdmin cite security concerns while those for phpMyAdmin cite practical concerns. Because of the practical concerns, phpMyAdmin will remain embedded in OpenEMR for now (as of version 4.1.2), with the caveat that one can consider removal of the phpmyadmin directory (ie. manually remove phpmyadmin) if a user has any security concerns. This is an ongoing debate, so not sure what the community will decide for future OpenEMR versions.
For versions 3.1.0 - 4.1.1
- The phpMyAdmin version (chose 2.x branch to ensure compatibility with php4/mysql4) has been upgraded and migrated to openemr/phpmyadmin. The customizations involved to embed phpMyAdmin involved creating a custom openemr/phpmyadmin/config.inc.php file and modifying several files (openemr/phpmyadmin/libraries/session.inc.php and openemr/phpmyadmin/libraries/common.inc.php) to ensure the sessions of phpMyAdmin and OpenEMR do not conflict. Note that the session name in openemr/interface/globals.php and openemr/phpmyadmin/libraries/session.inc.php need to be identical (this has been documented in the globals.php file for users whom want to change the session names). phpMyAdmin was imported into the cvs code with PHPMYADMIN tags to allow simple upgrading in the cvs to new phpMyAdmin versions in future via cvs import and merge.
- Upgraded OpenEMR 4.0 to phpMyAdmin 2.11.10 via cvs import command (very easy) (4/22/2010)
For versions 3.0.1 and below
- The embedded phpMyAdmin can be found at openemr/interface/main/myadmin.