20 Aug
2001
20 Aug
'01
2:16 p.m.
I am not happy with this phrase:
"MySQL passwords cannot be decrypted easily, so there's no chance for a normal user to look at other users' plaintext passwords."
This phrase could make someone believe that with phpMyAdmin in advanced auth, normal users can have a look at encrypted passwords, which is not true.
If config.inc.php3 is properly protected (as explained in the doc), users can't even see the stduser password.
Maybe we should remove this phrase, and add something telling the sysadmin to put PHP in safe mode after:
"Your config.inc.php3 file should be chmod 660"
Marc