23 Mar
2007
23 Mar
'07
10:47 a.m.
Juergen Wind schrieb:
Sebastian Mendel wrote:
yes, thats why i wrote forget about it ...
--
Sebastian
Michal Čihař schrieb:
being granted all rights if there is no config.inc and if root has no pw set
in mysql is even worse, isn't it? Hi
On Thu, 22 Mar 2007 09:29:09 +0100
Sebastian Mendel <lists(a)sebastianmendel.de> wrote:
but i am not sure ... it
gives everybody the possibility for bruteforce
attacks on new installations ... or?
btw. we have no protection against bruteforce, or?
such a protection would require a shared place to store data: db, shmem or
file how about fall back to cookie or http auth if
config auth fails?
would make it more easy to run phpMyAdmin out of the box (at least for
localhost)
but only if config is set to root without password
if config_auth_fail, user == 'root', pw == ''
than switch to cookie auth
and display message about it
I already saw request on some generic fallback
configuration scheme
somewhere, but I'm unable to find it right now...