[Phpmyadmin-devel] Fwd: fallback login to http or cookie when config
Greetings! On 3/22/07, Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca> wrote:
I would prefer to remove "config" auth.
While I don't object, some users may feel alienated if this change isn't handled carefully. There are no doubt plenty of users who enjoy the lack of authentication (many users are home users on a secured intranet) that comes with config, and some who use .htaccess with 'config' to secure their systems (don't ask me why, but they like it that way). I'm just saying that some users may be offended if the feature silently disappears. Perhaps a poll on phpmyadmin.net or at least a comment soliciting email feedback is warranted (perhaps not). Just my thoughts, hope you all have a great day! ~isaac
Isaac Bennetch a écrit :
Greetings!
On 3/22/07, Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca> wrote:
I would prefer to remove "config" auth.
While I don't object, some users may feel alienated if this change isn't handled carefully. There are no doubt plenty of users who enjoy the lack of authentication (many users are home users on a secured intranet) that comes with config, and some who use .htaccess with 'config' to secure their systems (don't ask me why, but they like it that way). I'm just saying that some users may be offended if the feature silently disappears. Perhaps a poll on phpmyadmin.net or at least a comment soliciting email feedback is warranted (perhaps not).
Just my thoughts, hope you all have a great day! ~isaac
It's true that they might be offended but we have to balance that, with the problems this "mis-feature" brings. Let's say we keep this feature and add some warnings. We already display a message when a user is logged with config auth, root and no password. We could change/extend this message. - the message is not comprehensive because a privileged user might have a login name different than "root" - it might be a bad idea to let non-priv users in without any password - we could display that "config" auth is not recommended, pointing to a FAQ entry Marc
On 3/22/07, Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca> wrote:
It's true that they might be offended but we have to balance that, with the problems this "mis-feature" brings.
Oh, absolutely, I wasn't as much arguing that we should keep it as just warning to be cautious about how to go about removing it. Users don't seem to like change -- which shouldn't limit you all improving PMA, but sometimes means making those changes is harder; for example displaying warnings about a depreciated feature instead of dropping it right out (then maybe dropping it in a version or two). You all do fine work with this, thank you, ~ipb
participants (2)
-
Isaac Bennetch -
Marc Delisle