Developers November 2001

developers@phpmyadmin.net

10 participants
30 discussions

by Olivier M.

On Fri, Nov 09, 2001 at 04:34:24PM +0100, Loïc wrote: > >use an home-made session system? This is not an > >hard thing: it would just require a mysql table. > > I've started to work again on this but am facing a first problem. > Let's say only the standard user may use the session table. > Once the user is logged into, his login/password must be > stored into this session table and the standard user must be > able to get them, you know the standard user I've just removed > every priv. on the "Password" column from the "mysql.user" table in order to > improve security..... :( mmm, if you can't look at the password column field, how can you check if the password is correct ? I don't get the point here :) > >it would just require a mysql table. > >(id, session_id, username, db, passwd, ip, expiration, timestamp) > > Hum why: > - id and session_id? mmm, forget id, it's just a standard field in all my tables (using mysql classes to access the data). > - db (no very usefull without hostname and table name at least)? was just a 2 min draft... with db I meant the db number from $cfgServers[1], $cfgServers[2], etc... > - expiration and timestamp? expiration: to allow automatic deletion of session after a defined time limit timestamp: for admin information, to see last action Olivier, from the first snowy day of the winter :) -- _________________________________________________________________ Olivier Mueller - om(a)8304.ch - PGPkeyID: 0E84D2EA - Switzerland qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch

22 years, 8 months

[Phpmyadmin-devel] new auth

by Marc Delisle

Hi, Looking at the stats for 2.2.1, there were 17300 downloads of a .php version and 3300 for a .php3 version. I presume that it means PHP4 is well deployed. I think we could *add* another auth mecanism for PHP4 servers: session-based. I use it in all my other LAMP-based projects (did not try it with WAMP) and my users have no problems. Instead of $cfgServers[1]['adv_auth'] we could have $cfgServers[1]['auth'] with the possible choices: 'config': the username/password are in the config file (old advanced=false) 'http' http authentication (old advanced=true) (still use stduser?) 'session' session-based, customized login panel, session id propagated by URL (still use stduser?) Marc

22 years, 8 months

[Phpmyadmin-devel] Mentioned in the news?

by Robin Johnson

Hey guys, Just an odd request, some while ago, I recall seeing phpMyAdmin mentioned on a news site somewhere. Do you know where? Thanks in advance. -- Robin Hugh Johnson "Robbat2" QTOD: "I used to be an idealist, but I got mugged by reality." E-Mail : robbat2(a)orbis-terrarum.net ICQ# : 30269588 or 41961639 Home Page : http://www.orbis-terrarum.net Time Zone : Pacific Daylight (GMT - 8) -----BEGIN GEEK CODE----- geekcode.com ebb.org/ungeek GCS/M/IT d-(+) s+:- a--- C++++ U++++ L++++ P--(+) W++ K++ PS+ N++ w--- O E---- M-(+) V-- Y++ PE++ PGP++ t-- 5 X+ R tv- b+++ D++ G++ e(*) h! r-- !y+ ------END GEEK CODE------ -----PGP INFO-{--- Key ID:0x7E20DFA1 FingerPrint: 5447C73A 30FB144C 89521B69 2D6A615E 7E20DFA1 ---}-PGP INFO-----

22 years, 8 months

[Phpmyadmin-devel] Re: RC for 2.2.2

by Marc Delisle

Hi, No problem for 2.2.2-RC1. Michal, did you test the latest beta5 patch? Loïc, do you need more testers of this patch? Will it go in 2.2.2? Marc

22 years, 8 months

Re: [Phpmyadmin-devel] 2.2.1 under free.fr

by Loïc

Hi Armel & all! >phpMyAdmin 2.2.1 is in production on free.fr (french >provider, free hosting, etc.). Great :) Do you know if Online.fr also use PMA 2.2.1? To all: what about to roll a 2.2.2-rc1 during the week-end? Because an important security improvement has been commited since 2.2.1: "stduser" no long need to have the "select" priv. on the "password" column of the "mysql.user" table. Loïc ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif

22 years, 8 months

Re: [Phpmyadmin-devel] Mentioned in the news?

by Loïc

Hi Robin & List! >I recall seeing phpMyAdmin mentioned on a news site >somewhere Maybe the php foundry page from SourceForge? Loïc ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif

22 years, 8 months

Re: [Phpmyadmin-devel] new auth

by Loïc

Hi Robin & List! >Could we possibly get around this by setting/unsetting the >register_globals in the config.inc.php3 ? Yep we may but we also need to set/unset "track_vars" in this case (if possible ie php < 4.0.3). Nevertheless we will then face an other other problem: the secure solution is to set "register_globals" to "off", "track_vars" to "on" and to use "session_register($HTTP_SESSION_VARS['my_var'])"... as soon as php < 4.1.0 because since those bugs will be fixed in 4.1.0 we must use "session_register('my_var')" with this version. Else we may set "register_globals" to "on" but this is far less secure :( >We would still need the stduser account to get the database >list. SHOW GRANTS does not show databases that everybody >has access to. It only shows databases where explict rights >have been granted to the user. Right :( Loïc ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif

22 years, 8 months

Re: [Phpmyadmin-devel] new auth

by Loïc

Hi List! Ok for session but as to me they are still quite buggy :( For example, with "track_vars" set: 1. Just try to set register_globals to "off" (it's the recomended value) and you'll face a really annoying bug that exists from php 4.0.1-pl1 to the current 4.0.6 version (it seems to be fixed in the current cvs for the 4.1.0 version) : $HTTP_SESSION_VARS is not updated when you use session_register('my_var')! 2. No set register_globals to "on" and you will see that $HTTP_SESSION_VARS is not more updated (while it should because "track_vars" is on). See also php bug reports #5329, #11861, #12600.... and users notes at this url: http://www.php.net/manual/en/ref.session.php In a few words it means it will be very hard to know "which" session data to use. >'session' >session-based, customized login panel, session id propagated by URL >(still use stduser?) Hum, how can we skip "stduser" ? The problem is not related to session IMHO but to the MySQL version: if 3.23.4+ we may skip "stduser" since the "SHOW GRANTS" MySQL statement is usable, else there is no better way than "stduser" to get the user privileges. Loïc ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif

22 years, 8 months

Re: [Phpmyadmin-devel] new auth

by Loïc

Hi again! I need some help/opinions on bug #474943. Thanks, Loïc ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif

22 years, 8 months

[Phpmyadmin-devel] [SF] 100.000% phpMyAdmin

by Olivier M.

Hello. Just got the SourceForge newsletter, and this part is quite interesting... :-) --------------------------------- A) CURRENT SOURCEFORGE.NET SITE STATISTICS Number of Projects: 28,697 Number of Registered Users: 282,350 Page Views: 1,701,023 ( 24 hour period on 10/30/01) Files downloaded 300,495 (24 hour period on 10/30/01) E-mails from mail server: 627,195 (24 hour period on 10/30/01) Top Projects on this date include: 100.000% phpMyAdmin 99.9848% Firewall Builder 99.9695% PCGen 99.9543% SourceForge 99.9390% Miranda ICQ Client 99.9238% The Open For Business Project 99.9086% Python 99.8933% PostNuke Content Management System 99.8781% AWStats 99.8628% MiKTeX 99.8476% Gaim 99.8323% net-snmp 99.8171% jboss.org 99.8019% HSQL Database Engine 99.7866% TOra 99.7714% Compiere ERP & CRM Business Solution 99.7561% phpAdsNew 99.7409% Back Orifice 2000 99.7257% AFPL Ghostscript 99.7104% Tcl The top project (statistically) on this date is phpMyAdmin. What is phpMyAdmin? phpMyAdmin is a tool written in the PHP programming language (available on a large number of web servers today), which is designed to assist you in the administration of MySQL databases via the WWW. Well-designed, stable and suitable both for new MySQL users and seasoned database administrators. phpMyAdmin is available under the GNU General Public License. phpMyAdmin is one of nearly 30,000 Open Source software development projects hosted on SourceForge.net. Additional information regarding this project may be found at: http://sf.net/projects/phpmyadmin Additional information regarding other SourceForge.net-hosted projects may be found on the SourceForge.net site, located at: http://sf.net --------------------------------- Well, I guess it's not necessary to make any further comment... :-) This is just some more good publicity about PMA sent to only 282,350 users :) Cheers, Olivier -- _________________________________________________________________ Olivier Mueller - om(a)8304.ch - PGPkeyID: 0E84D2EA - Switzerland qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch

22 years, 8 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Developers November 2001