Sebastian Mendel wrote:
Marc Delisle wrote:
Sebastian Mendel wrote:
Hi,
Even if it is a good feature to run phpMyAdmin out of the box on a dev system with root and no password, I think we should limit this ...
Do you mean for auth_type = 'config' or for all auth_types?
all!?
We already have a warning message:

    if ($server != 0 && $cfg['Server']['user'] == 'root' && $cfg['Server']['password'] == '') {
        echo '<div class="warning">' . $strInsecureMySQL . '</div>' . "\n";
    }
I know, and I fear this message could be found by Google ...
that works for all auth_types (even if the message talks about their configuration file having these insecure settings).
The problem with this message, is that many users do not understand it and react with fear.
Reacting with fear to this message is not wrong, is it?
But some consultants just do the default MySQL installation and install apps relying on root with no password, so our message "breaks" the apps when a user suddenly adds a password for root.
First: this is not our fault! Second: this message could go away with $cfg['allow_root_with_no_pw']
Possibly we could add a config switch and/or version check:
If the version is dev, from SVN, or forced by config ($cfg['allow_root_with_no_pw']), allow root with no password.
If the version is a release, deny root with no password (unless it is forced by the config switch to be allowed).
And phpMyAdmin should trigger_error to log this error and report a generic security error message to the user: 'security error, please check PHP error log for further details'.
What do you think?
I would avoid adding a new cfg because I fear what distros will do: just set it to true by default?
I don't think so; I do not think that any distro will disable a default security option!
I think logging this error with trigger_error is a good improvement.
I guess you would like to remove the strInsecureMySQL message?
Yes, with the already mentioned generic security error message.
Ok for me.
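The policy agreed on in this thread (deny root with an empty password on release builds, allow it on dev builds or when forced by a config switch, log the details with trigger_error() and show the user only a generic message), written out as an added example. This is illustration code, not phpMyAdmin's own; the function names, the PMA_VERSION-style version string with a "-dev" suffix as the dev marker, and the config key $cfg['allow_root_with_no_pw'] (only proposed in the thread) are all assumptions.

```php
<?php
// Added example, not phpMyAdmin code. Assumed names: the two functions below,
// $cfg['allow_root_with_no_pw'] (proposed in the thread) and a version string
// whose "-dev" suffix marks a development (e.g. SVN) build.

/**
 * May this installation log in as root with an empty password?
 * Yes for development builds or when the admin forced it in the config;
 * no for release builds.
 */
function pma_root_without_password_allowed(array $cfg, $version)
{
    $is_dev = substr($version, -4) === '-dev';
    $forced = !empty($cfg['allow_root_with_no_pw']);
    return $is_dev || $forced;
}

/**
 * Check one server entry ($server == 0 is the "no server" entry).
 * Returns null when the credentials are acceptable, otherwise a generic
 * message for the page. The specific reason goes only to PHP's error
 * handling via trigger_error(), so nothing searchable leaks into the HTML.
 */
function pma_check_server_credentials(array $cfg, $server, $version)
{
    $user = isset($cfg['Server']['user']) ? $cfg['Server']['user'] : '';
    $pass = isset($cfg['Server']['password']) ? $cfg['Server']['password'] : '';

    // Only the root-with-empty-password case is of interest here.
    if ($server == 0 || $user !== 'root' || $pass !== '') {
        return null;
    }
    if (pma_root_without_password_allowed($cfg, $version)) {
        return null;
    }

    // Detailed reason for the admin, routed through PHP's error handling.
    trigger_error(
        'Refusing to use MySQL user "root" with an empty password on a release'
        . ' build (version ' . $version . '); set a password for root or, for a'
        . ' trusted dev box, set $cfg[\'allow_root_with_no_pw\'] = true.',
        E_USER_WARNING
    );

    // Generic text for the user; deliberately says nothing about the config.
    return 'Security error, please check the PHP error log for further details.';
}

// Constructed sample: the insecure default the thread is worried about,
// on a release build. Expect the generic message, not the details.
$cfg = array(
    'Server' => array('user' => 'root', 'password' => ''),
    'allow_root_with_no_pw' => false,
);
$msg = pma_check_server_credentials($cfg, 1, '2.11.0');
if ($msg !== null) {
    echo '<div class="error">' . htmlspecialchars($msg) . '</div>' . "\n";
}
```

One caveat worth keeping in mind with this approach: trigger_error() only "logs" if PHP is set up that way. With display_errors on and no custom error handler, an E_USER_WARNING is printed into the page, which would put the detailed text right back into Google's reach. In practice the message is only private when display_errors is off (or a set_error_handler() callback writes it to error_log()) and log_errors is on.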