[Phpmyadmin-devel] new auth

Loïc loic-div at ifrance.com
Mon Nov 5 01:55:03 CET 2001


Hi Robin & List!

>Could we possibly get around this by setting/unsetting the
>register_globals in the config.inc.php3 ?

Yep, we may, but we also need to set/unset "track_vars" in this
case (if possible, i.e. php < 4.0.3).
Nevertheless we will then face another problem: the
secure solution is to set "register_globals" to "off", "track_vars"
to "on" and to use "session_register($HTTP_SESSION_VARS['my_var'])"... as
soon as php < 4.1.0 because since those bugs
will be fixed in 4.1.0 we must use "session_register('my_var')"
with this version.

Else we may set "register_globals" to "on" but this is far less
secure :(

>We would still need the stduser account to get the database
>list. SHOW GRANTS does not show databases that everybody
>has access to. It only shows databases where explicit rights
>have been granted to the user.

Right :(

Loïc

 