Le 2010-10-26 02:57, Rohit Kalhans a écrit :
Isn't the secure sending of the username and password supposed to be supported by the SSL connection between the client browser and the server hosting PMA. i.e hosting PMA on a server using https protocol?
Indeed. Also, using https covers not only the login phase but also all data sent and received afterwards, which might contain sensitive info.
On Tue, Oct 26, 2010 at 5:12 AM, Peter Miller petermiller1986@gmail.comwrote:
hi, i've recently been ramping up security on my server and i realised that phpmyadmin sends the username and password in plaintext accross the http connection from client to server when loging in. this seems like quite a security hole, so i just thought i'd see if there are any other options to use encryption on the username and password for the login page? i've had a bit of a look though the code but i couldnt see any options to 'turn on' a higher level of security so i'm guessing there currently isnt one. that being the case i'd be keen to implement a more secure login.
what are everyone's thoughts on this?
cheers pete