Isaac Bennetch a écrit :
Greetings!
On 3/22/07, Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
I would prefer to remove "config" auth.
While I don't object, some users may feel alienated if this change isn't handled carefully. There are no doubt plenty of users who enjoy the lack of authentication (many users are home users on a secured intranet) that comes with config, and some who use .htaccess with 'config' to secure their systems (don't ask me why, but they like it that way). I'm just saying that some users may be offended if the feature silently disappears. Perhaps a poll on phpmyadmin.net or at least a comment soliciting email feedback is warranted (perhaps not).
Just my thoughts, hope you all have a great day! ~isaac
It's true that they might be offended but we have to balance that, with the problems this "mis-feature" brings.
Let's say we keep this feature and add some warnings.
We already display a message when a user is logged with config auth, root and no password. We could change/extend this message.
- the message is not comprehensive because a privileged user might have a login name different than "root" - it might be a bad idea to let non-priv users in without any password - we could display that "config" auth is not recommended, pointing to a FAQ entry
Marc