DelislMa at CollegeSherbrooke.qc.ca
Mon Aug 20 14:16:43 CEST 2001
I am not happy with this phrase:
"MySQL passwords cannot be decrypted easily, so there's no chance
for a normal user to look at other users' plaintext passwords."
This phrase could make someone believe that with phpMyAdmin in advanced auth, normal users can have
a look at encrypted passwords, which is not true.
If config.inc.php3 is properly protected (as explained in the doc), users can't even see the stduser
Maybe we should remove this phrase, and add something telling the sysadmin to put PHP in safe mode
"Your config.inc.php3 file should be chmod 660"
More information about the Developers