[Phpmyadmin-devel] new auth
Robin Johnson
robbat2 at fermi.orbis-terrarum.net
Sat Nov 3 12:03:08 CET 2001
On Sat, 3 Nov 2001, [iso-8859-1] Loïc wrote:
> Hi List!
> Ok for session but as to me they are still quite buggy :(
>
> For example, with "track_vars" set:
>
> 1. Just try to set register_globals to "off" (it's the
> recomended value) and you'll face a really annoying bug that
> exists from php 4.0.1-pl1 to the current 4.0.6 version (it seems
> to be fixed in the current cvs for the 4.1.0 version) :
> $HTTP_SESSION_VARS is not updated when you use
> session_register('my_var')!
>
> 2. No set register_globals to "on" and you will see that
> $HTTP_SESSION_VARS is not more updated (while it should
> because "track_vars" is on).
>
> See also php bug reports #5329, #11861, #12600.... and users notes at this
> url: http://www.php.net/manual/en/ref.session.php
>
> In a few words it means it will be very hard to know "which" session data to
> use.
Could we possibly get around this by setting/unsetting the
register_globals in the config.inc.php3 ?
> >'session'
> >session-based, customized login panel, session id propagated by URL
> >(still use stduser?)
> Hum, how can we skip "stduser" ? The problem is not related to session
> IMHO but to the MySQL version: if 3.23.4+ we may skip "stduser" since
> the "SHOW GRANTS" MySQL statement is usable, else there is no better
> way than "stduser" to get the user privileges.
We would still need the stduser account to get the database list. SHOW
GRANTS does not show databases that everybody has access to. It only shows
databases where explict rights have been granted to the user.
--
Robin Hugh Johnson
"Robbat2"
QTOD: "I used to be an idealist, but I got mugged by reality."
E-Mail : robbat2 at orbis-terrarum.net
ICQ# : 30269588 or 41961639
Home Page : http://www.orbis-terrarum.net
Time Zone : Pacific Daylight (GMT - 8)
-----BEGIN GEEK CODE-----
geekcode.com ebb.org/ungeek
GCS/M/IT d-(+) s+:- a--- C++++
U++++ L++++ P--(+) W++ K++ PS+
N++ w--- O E---- M-(+) V-- Y++
PE++ PGP++ t-- 5 X+ R tv- b+++
D++ G++ e(*) h! r-- !y+
------END GEEK CODE------
-----PGP INFO-{---
Key ID:0x7E20DFA1
FingerPrint:
5447C73A 30FB144C 89521B69 2D6A615E 7E20DFA1
---}-PGP INFO-----
More information about the Developers
mailing list