Hi Marc, Michal & list,
Marc Delisle wrote:
Michal Cihar a écrit:
There should still be posibility to disable this, to keep iterface as simple as possible (eg. with just one server).
MichalMichal,
well, if you like. But I think that having this:
Server choice: [(drop-down)] or [enter server name]
would not clutter the interface too much. Plus it opens the eyes of users about this feature if we always show it, or if we show it by default.
Currently if we have just one server, we even don't show it on the login page, and I think that showing it would be an improvement.
Also, the auth_type 'arbitrary' somehow hides the fact that the mode is really cookie.
It has to be possible to disable the arbitary server mode. Not for cosmetic reasons: for security reasons!
Let's imagin a small company network with two servers: server 1 and server 2, both running the MySQL server software. Server 1 is connected to the internet permanently. The MySQL database on server 1 sometimes has to be accessed from outside the network. This is why the sysadmin installed phpMyAdmin on server 1.
The MySQL server on server 2 contains serious data and may not be accessible from the internet. Nevertheless, this database powers some php scripts running on server 1, so server 1 has to be able to connect to server 2's MySQL database.
In this case, phpMyAdmin would be a security hole, if the arbitrary server mode wouldn't be configurable.
In addition to this, an internet user would not only be able to access server 1 and 2, he would also be able to use the owner's bandwidth to access thousands of different servers all over the world.
Regards,
Alexader