----- Original Message -----
From: "Robin Johnson" <robbat2(a)fermi.orbis-terrarum.net>
I've just had a major security hole reported to me by
Colin Keigher (AnimeFreak) <animefreak(a)users.sourceforge.net>
It relates to how some sites have PMA set up (they have username
and password hardcoded, without any .htaccess protection).
Arg...! No comment :o)
Basically, by searching on Google for "Welcome to phpMyAdmin" or its
translated equivalents, you can find a lot of PMA installations. You can
put the version number in there as well, like "Welcome to phpMyAdmin
2.3.0-rc1"
Here is a sample URL to search:
http://www.google.ca/search?hl=en&ie=UTF-8&oe=UTF-8&q=%22Welcom…
in+2.3.0%22&meta=
I've just merged a fix against that, but it needs some testing since I do
not have a machine here which is affected by this security hole.
Alexander,
you won't like me, but I think we should wait to include a fix for a
"hole" until a developer can reproduce it.
Marc