hi,
i've recently been ramping up security on my server and i realised that
phpmyadmin sends the username and password in plaintext accross the http
connection from client to server when loging in. this seems like quite a
security hole, so i just thought i'd see if there are any other options to
use encryption on the username and password for the login page? i've had a
bit of a look though the code but i couldnt see any options to 'turn on' a
higher level of security so i'm guessing there currently isnt one. that
being the case i'd be keen to implement a more secure login.
what are everyone's thoughts on this?
cheers
pete
I was trying to solve this bug..I found out what actually is wrong..
When AJAX message is sent after creating the DB..it has success string that
the database has been created..and nothing is specified inside
PMA_Ajaxresponse() to reload the left frame and just it exits the script
execution as soon as it reaches the "exit" of PMA_Ajaxresponse() ... so the
files included after that has no meaning in case of AJAX requests...
So to reload the frame javascript is needed to reload it..and the header
type of AJAX headers sent is application/json so i think we should embed
javascript in the success message only..but nijel suggested sending
javascript through ajax is a hack not a solution... so how should i
send/invoke javascript in this case...
In case PMA_ReloadNavigation() .. also it uses javascript sent to browser to
reload the frame..
Hi all
I've just set up another database to demo server - Drizzle. At first
attempt phpMyAdmin did not work at all, but after few fixes (basically
disabling all charsets/collation handling we do on connect), we're at
least able to connect and show the interface with some databases and
tables.
However there is much more things to fix (for example phpMyAdmin does
not see all tables for some reason) and definitely more to test.
However the question is if we want to officially support Drizzle and
put some effort into it.
You can try phpMyAdmin with Drizzle here:
http://demo.phpmyadmin.net/master-config/?server=3
More information about Drizzle: http://drizzle.org/
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
Is there any kind of Debigger available to use while understanding the code
fo phpmyadmin so as to understand which line gets executed where..?
or the varible used here is from which included file?
Do some developer uses debuggers for their uses?
I had a look at the latest Ankit's repo. In pmd_general.php there is a
form calling "pmd_general" as an action, this should be replaced by
"pmd_general.php".
Any progress on this repo? Last commit is Aug 17, but the last message
on this list from Ankit is Aug 30 when Ankit wrote he would integrate
Michael's new icons.
--
Marc Delisle
http://infomarc.info
I was trying to solve a bug..that involves some misfunctionality in master
(3.4-dev) and was working fine in (in QA_3_3, 3.3.8-dev)...as stated by the
bug reporter...
I just wanted to ask how can i get the source code of 3.3.8-dev....so as to
check the discrepency why the thing is not working in this version...
___
Regards
systemw0rm
Hi,
I suggest removing this option for 3.4 and always assume it's "true". I
don't see a reason why someone would like to set this to "false".
$cfg['CtrlArrowsMoving'] boolean
Enable Ctrl+Arrows (Option+Arrows in Safari) moving between fields
when editing.
--
Marc Delisle
http://infomarc.info
