diff options
-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | doc/config.rst | 27 | ||||
-rw-r--r-- | doc/setup.rst | 32 | ||||
-rw-r--r-- | index.php | 4 | ||||
-rw-r--r-- | libraries/classes/Util.php | 26 | ||||
-rw-r--r-- | themes/original/css/common.css.php | 3 | ||||
-rw-r--r-- | themes/pmahomme/css/common.css.php | 3 |
7 files changed, 88 insertions, 8 deletions
@@ -27,6 +27,7 @@ phpMyAdmin - ChangeLog - issue #13448 Add "format" query button in edit view form - issue #6241 Implement Responsive Design/mobile interface - issue Use a single location for classes under PhpMyAdmin namespace +- issue #12354 Indicate SSL status on main page 4.7.4 (not yet released) - issue #13415 Remove shadow from the logo diff --git a/doc/config.rst b/doc/config.rst index 09a39e1d07..02ed25c2a7 100644 --- a/doc/config.rst +++ b/doc/config.rst @@ -331,7 +331,8 @@ Server connection settings .. seealso:: - :ref:`example-google-ssl` + :ref:`ssl`, + :ref:`example-google-ssl`, :config:option:`$cfg['Servers'][$i]['ssl_key']`, :config:option:`$cfg['Servers'][$i]['ssl_cert']`, :config:option:`$cfg['Servers'][$i]['ssl_ca']`, @@ -344,7 +345,8 @@ Server connection settings :type: string :default: NULL - Path to the key file when using SSL for connecting to the MySQL server. + Path to the client key file when using SSL for connecting to the MySQL + server. This is used to authenticate the client to the server. For example: @@ -354,7 +356,8 @@ Server connection settings .. seealso:: - :ref:`example-google-ssl` + :ref:`ssl`, + :ref:`example-google-ssl`, :config:option:`$cfg['Servers'][$i]['ssl']`, :config:option:`$cfg['Servers'][$i]['ssl_cert']`, :config:option:`$cfg['Servers'][$i]['ssl_ca']`, @@ -367,11 +370,13 @@ Server connection settings :type: string :default: NULL - Path to the cert file when using SSL for connecting to the MySQL server. + Path to the client certificate file when using SSL for connecting to the + MySQL server. This is used to authenticate the client to the server. .. seealso:: - :ref:`example-google-ssl` + :ref:`ssl`, + :ref:`example-google-ssl`, :config:option:`$cfg['Servers'][$i]['ssl']`, :config:option:`$cfg['Servers'][$i]['ssl_key']`, :config:option:`$cfg['Servers'][$i]['ssl_ca']`, @@ -388,7 +393,8 @@ Server connection settings .. seealso:: - :ref:`example-google-ssl` + :ref:`ssl`, + :ref:`example-google-ssl`, :config:option:`$cfg['Servers'][$i]['ssl']`, :config:option:`$cfg['Servers'][$i]['ssl_key']`, :config:option:`$cfg['Servers'][$i]['ssl_cert']`, @@ -405,7 +411,8 @@ Server connection settings .. seealso:: - :ref:`example-google-ssl` + :ref:`ssl`, + :ref:`example-google-ssl`, :config:option:`$cfg['Servers'][$i]['ssl']`, :config:option:`$cfg['Servers'][$i]['ssl_key']`, :config:option:`$cfg['Servers'][$i]['ssl_cert']`, @@ -422,6 +429,8 @@ Server connection settings .. seealso:: + :ref:`ssl`, + :ref:`example-google-ssl`, :config:option:`$cfg['Servers'][$i]['ssl']`, :config:option:`$cfg['Servers'][$i]['ssl_key']`, :config:option:`$cfg['Servers'][$i]['ssl_cert']`, @@ -459,7 +468,8 @@ Server connection settings .. seealso:: - :ref:`example-google-ssl` + :ref:`ssl`, + :ref:`example-google-ssl`, :config:option:`$cfg['Servers'][$i]['ssl']`, :config:option:`$cfg['Servers'][$i]['ssl_key']`, :config:option:`$cfg['Servers'][$i]['ssl_cert']`, @@ -3405,6 +3415,7 @@ server certificates and tell phpMyAdmin to use them: .. seealso:: + :ref:`ssl`, :config:option:`$cfg['Servers'][$i]['ssl']`, :config:option:`$cfg['Servers'][$i]['ssl_key']`, :config:option:`$cfg['Servers'][$i]['ssl_cert']`, diff --git a/doc/setup.rst b/doc/setup.rst index dd02769e21..03c2872511 100644 --- a/doc/setup.rst +++ b/doc/setup.rst @@ -1057,6 +1057,38 @@ are always ways to make your installation more secure: fail2ban to block brute-force attempts. Note that the log file used by syslog is not the same as the Apache error or access log files. +.. _ssl: + +Using SSL for connection to database server ++++++++++++++++++++++++++++++++++++++++++++ + +It is recommended to use SSL when connecting to remote database server. There +are several configuration options involved in the SSL setup: + +:config:option:`$cfg['Servers'][$i]['ssl']` + Defines whether to use SSL at all. If you enable only this, the connection + will be encrypted, but there is not authentication of the connection - you + can not verify that you are talking to the right server. +:config:option:`$cfg['Servers'][$i]['ssl_key']` and :config:option:`$cfg['Servers'][$i]['ssl_cert']` + This is used for authentication of client to the server. +:config:option:`$cfg['Servers'][$i]['ssl_ca']` and :config:option:`$cfg['Servers'][$i]['ssl_ca_path']` + The certificate authorities you trust for server certificates. + This is used to ensure that you are talking to a trusted server. +:config:option:`$cfg['Servers'][$i]['ssl_verify']` + This configuration disables server certificate verification. Use with + caution. + +.. seealso:: + + :ref:`example-google-ssl`, + :config:option:`$cfg['Servers'][$i]['ssl']`, + :config:option:`$cfg['Servers'][$i]['ssl_key']`, + :config:option:`$cfg['Servers'][$i]['ssl_cert']`, + :config:option:`$cfg['Servers'][$i]['ssl_ca']`, + :config:option:`$cfg['Servers'][$i]['ssl_ca_path']`, + :config:option:`$cfg['Servers'][$i]['ssl_ciphers']`, + :config:option:`$cfg['Servers'][$i]['ssl_verify']` + Known issues ++++++++++++ @@ -307,6 +307,10 @@ if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) { 'li_server_type' ); PMA_printListItem( + __('Server connection:') . ' ' . PhpMyAdmin\Util::getServerSSL(), + 'li_server_type' + ); + PMA_printListItem( __('Server version:') . ' ' . $GLOBALS['dbi']->getVersionString() . ' - ' . $GLOBALS['dbi']->getVersionComment(), diff --git a/libraries/classes/Util.php b/libraries/classes/Util.php index 17a94b193a..4abaa866fe 100644 --- a/libraries/classes/Util.php +++ b/libraries/classes/Util.php @@ -3938,6 +3938,32 @@ class Util } /** + * Returns information about SSL status for current connection + * + * @return string + */ + public static function getServerSSL() + { + $server = $GLOBALS['cfg']['Server']; + $class = 'caution'; + if (! $server['ssl']) { + $message = __('SSL is not being used'); + if (! empty($server['socket']) || $server['host'] == '127.0.0.1' || $server['host'] == 'localhost') { + $class = ''; + } + } elseif (! $server['ssl_verify']) { + $message = __('SSL is used with disabled verification'); + } elseif (empty($server['ssl_ca']) && empty($server['ssl_ca'])) { + $message = __('SSL is used without certification authority'); + } else { + $class = ''; + $message = __('SSL is used'); + } + return '<span class="' . $class . '">' . $message . '</span> ' . self::showDocu('setup', 'ssl'); + } + + + /** * Prepare HTML code for display button. * * @return String diff --git a/themes/original/css/common.css.php b/themes/original/css/common.css.php index 8290c84df8..bc8c460563 100644 --- a/themes/original/css/common.css.php +++ b/themes/original/css/common.css.php @@ -665,6 +665,9 @@ ul#topmenu2 a { white-space: nowrap; } +span.caution { + color: #FF0000; +} fieldset.caution a { color: #FF0000; } diff --git a/themes/pmahomme/css/common.css.php b/themes/pmahomme/css/common.css.php index 4af1f37916..c599fd71dc 100644 --- a/themes/pmahomme/css/common.css.php +++ b/themes/pmahomme/css/common.css.php @@ -976,6 +976,9 @@ ul#topmenu2 a { } +span.caution { + color: #FF0000; +} fieldset.caution a { color: #FF0000; } |