Hi
does anybody see a reason for $pma_server_changed in
libraries/auth/cookie.auth.lib.php? It seems to be only set and not
used anywhere...
--
Michal Čihař | http://cihar.com | http://phpmyadmin.cz
Hi all
Since forever, our default configuration has been config, which matches MySQL
defaults. However, we all know it is not really a good option from a
security point of view, because it might expose an inexperienced user's
MySQL server to the public. I think it's time to change this.
1. Disallow logging in as root without a password unless explicitly
allowed in our config file.
2. Make cookie the default authentication method.
3. If no Blowfish secret is set, generate one on the fly and store it
in the session - it should work for login, but it won't allow recalling
the username on the next login; if the user wants this feature, he needs
to set the secret in config.
Opinions on making such a change in trunk?
--
Michal Čihař | http://cihar.com | http://phpmyadmin.cz
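
The three changes proposed in the message above, sketched as an added example that is not part of the original thread and is not phpMyAdmin's own code. The function names, the `allow_root_no_password` key and the `auto_blowfish_secret` session key are hypothetical; `blowfish_secret` and `auth_type` are the existing configuration names.

```php
<?php
// Added illustration only; hypothetical helpers, not phpMyAdmin code.

/**
 * Return the secret used to encrypt the login cookie.
 * With no configured secret, a random one is created once per session,
 * so the cookie is unreadable after the session ends.
 */
function example_cookie_secret(array $cfg, array &$session): string
{
    if (!empty($cfg['blowfish_secret'])) {
        return $cfg['blowfish_secret'];
    }
    if (empty($session['auto_blowfish_secret'])) {
        // 32 bytes from the OS CSPRNG, hex-encoded for safe storage
        $session['auto_blowfish_secret'] = bin2hex(random_bytes(32));
    }
    return $session['auto_blowfish_secret'];
}

/** The username can only be recalled when the secret outlives the session. */
function example_can_recall_username(array $cfg): bool
{
    return !empty($cfg['blowfish_secret']);
}

/** Refuse root with an empty password unless the server entry opts in. */
function example_login_allowed(array $server, string $user, string $password): bool
{
    if ($user === 'root' && $password === '') {
        return !empty($server['allow_root_no_password']); // hypothetical key
    }
    return true;
}

// Constructed sample configuration: cookie auth by default, no secret set.
$cfg = ['blowfish_secret' => '', 'Servers' => [1 => ['auth_type' => 'cookie']]];
$session = [];
$first  = example_cookie_secret($cfg, $session);
$second = example_cookie_secret($cfg, $session);   // reuses the session value
$other  = [];                                       // a different session
var_dump($first === $second);
var_dump($first === example_cookie_secret($cfg, $other));
var_dump(example_can_recall_username($cfg));
var_dump(example_login_allowed($cfg['Servers'][1], 'root', ''));
```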