hi, i've recently been ramping up security on my server and i realised that phpmyadmin sends the username and password in plaintext across the http connection from client to server when logging in. this seems like quite a security hole, so i just thought i'd see if there are any other options to use encryption on the username and password for the login page? i've had a bit of a look through the code but i couldn't see any options to 'turn on' a higher level of security so i'm guessing there currently isn't one. that being the case i'd be keen to implement a more secure login.
what are everyone's thoughts on this?
cheers pete
Isn't the secure sending of the username and password supposed to be supported by the SSL connection between the client browser and the server hosting PMA, i.e. hosting PMA on a server using the https protocol?
On Tue, Oct 26, 2010 at 5:12 AM, Peter Miller petermiller1986@gmail.com wrote:
hi, i've recently been ramping up security on my server and i realised that phpmyadmin sends the username and password in plaintext across the http connection from client to server when logging in. this seems like quite a security hole, so i just thought i'd see if there are any other options to use encryption on the username and password for the login page? i've had a bit of a look through the code but i couldn't see any options to 'turn on' a higher level of security so i'm guessing there currently isn't one. that being the case i'd be keen to implement a more secure login.
what are everyone's thoughts on this?
cheers pete
On 2010-10-26 02:57, Rohit Kalhans wrote:
Isn't the secure sending of the username and password supposed to be supported by the SSL connection between the client browser and the server hosting PMA, i.e. hosting PMA on a server using the https protocol?
Indeed. Also, using https covers not only the login phase but also all data sent and received afterwards, which might contain sensitive info.