Isn't the secure sending of the username and password supposed to be supported by the SSL connection between the client browser and the server hosting PMA. i.e hosting PMA on a server using https protocol?
On Tue, Oct 26, 2010 at 5:12 AM, Peter Miller petermiller1986@gmail.comwrote:
hi, i've recently been ramping up security on my server and i realised that phpmyadmin sends the username and password in plaintext accross the http connection from client to server when loging in. this seems like quite a security hole, so i just thought i'd see if there are any other options to use encryption on the username and password for the login page? i've had a bit of a look though the code but i couldnt see any options to 'turn on' a higher level of security so i'm guessing there currently isnt one. that being the case i'd be keen to implement a more secure login.
what are everyone's thoughts on this?
cheers pete
Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel