Hi List!
I've just had a major security hole reported to me by Colin Keigher (AnimeFreak) animefreak@users.sourceforge.net. It relates to how some sites have PMA set up (they have username and password hardcoded, without any .htaccess protection).
Well, it's not really a phpMyAdmin security hole. It's up to the user to take care of such a problem. Maybe we can add some words about the way to build an ".htaccess" file in the documentation.
Using some of these URLs you can do stuff like:
http://www1.tsimtung.com/phpMyAdmin/sql.php?goto=/etc/passwd&btnDrop=No
As far as I remember, this issue was fixed a long time ago. A report about this problem was written by SecureReality and we fixed it just after the 2.1.0 release.
Loïc