Re: [Phpmyadmin-devel] fallback login to http or cookie when config

Sebastian Mendel a écrit :

Hi,

how about fall back to cookie or http auth if config auth fails?

would make it more easy to run phpMyAdmin out of the box (at least for localhost)

but only if config is set to root without password

if config_auth_fail, user == 'root', pw == '' than switch to cookie auth and display message about it

I would prefer to remove "config" auth. Now that we require cookie support in browser, I don't see any advantage for "config" auth, only security issues because their user/password in the file, which requires protection on the web-server level and protection from spies on a shared server.

Setup script already generates a blowfish secret.

Our config sample uses "cookie" auth as default. Marc