Hi all,
since forever, our default configuration has been config, which matches MySQL defaults. However, we all know it is not really a good option from a security point of view, because it might expose an inexperienced user's MySQL server to the public. I think it's time to change this.
1. Disallow logging in as root without password unless explicitly allowed in our config file.
2. Make cookie the default authentication method.
3. If no Blowfish secret is set, generate one on the fly and store it in the session - it should work for login, but it won't allow recalling the username on the next login; if the user wants this feature, he needs to set the secret in config.
Opinions on making such a change in trunk?
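
The three proposed defaults, sketched as an added example that is not part of the original post and is not phpMyAdmin's own code. The key names follow phpMyAdmin's `config.inc.php` conventions (`auth_type`, `AllowNoPassword`, `blowfish_secret`); the functions `login_allowed()` and `cookie_secret()` and the session key `auto_secret` are hypothetical.

```php
<?php
// Added illustration, not phpMyAdmin source. Function names are hypothetical.

// Proposed defaults (points 1 and 2 of the post).
$cfg = [
    'blowfish_secret' => '',            // empty: fall back to a per-session secret
    'Servers' => [1 => [
        'auth_type'       => 'cookie',  // instead of 'config'
        'AllowNoPassword' => false,     // must be set to true to permit empty passwords
    ]],
];

// Point 1: refuse root with an empty password unless the config allows it.
function login_allowed(array $server, string $user, string $password): bool
{
    if ($user === 'root' && $password === '' && empty($server['AllowNoPassword'])) {
        return false;
    }
    return true;
}

// Point 3: prefer the configured secret; otherwise generate one on the fly
// and keep it in the session. The second element tells the caller whether
// the secret outlives the session (needed to recall the username later).
function cookie_secret(array $cfg, array &$session): array
{
    if ($cfg['blowfish_secret'] !== '') {
        return [$cfg['blowfish_secret'], true];
    }
    if (empty($session['auto_secret'])) {
        $session['auto_secret'] = bin2hex(random_bytes(32)); // CSPRNG, PHP 7+
    }
    return [$session['auto_secret'], false];
}

// Constructed demo: plain arrays stand in for two separate $_SESSION stores.
$sessionA = [];
$sessionB = [];
$server   = $cfg['Servers'][1];

echo 'root, empty password: ', var_export(login_allowed($server, 'root', ''), true), PHP_EOL;
echo 'root, with password:  ', var_export(login_allowed($server, 'root', 's3cret'), true), PHP_EOL;

[$first]  = cookie_secret($cfg, $sessionA);
[$again]  = cookie_secret($cfg, $sessionA);
[$other, $persistent] = cookie_secret($cfg, $sessionB);
echo 'stable within a session:  ', var_export($first === $again, true), PHP_EOL;
echo 'differs between sessions: ', var_export($first !== $other, true), PHP_EOL;
echo 'username recall possible: ', var_export($persistent, true), PHP_EOL;
```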