[Phpmyadmin-devel] Fwd: Potential patch for phpMyAdmin auth

Loïc loic-div at ifrance.com
Fri Nov 16 08:43:04 CET 2001

Hi List!

I forward a message received a few days ago from Rod Whitby
<Rod.Whitby at motorola.com>.

My reply to this suggestion is : authentication with en empty password
is IMHO way too much specific to your case, Rod, to be taken into account
for the official version. But it's just my 2 cents...


---- Fwd -------------------
Subject: Potential patch for phpMyAdmin auth
From: Rod Whitby <Rod.Whitby at motorola.com>
Message-Id: <E1636QK-0007IT-00 at usw-sf-web2.sourceforge.net>
Sender: nobody <nobody at sourceforge.net>
Date: Sun, 11 Nov 2001 18:02:08 -0800

I saw from the patch tracker that you are rewriting the
phpMyAdmin authentication routines.

I have a need for a particular type of authentication, and
wanted to check whether you were considering supporting
that style of authentication before I went to the trouble
of submitting my patch.

The style is that everyone is authenticated against the
HTTP server (via LDAP or some other non-MySQL means, for
example), and then I have entries in the user database for
people but have no password.  The machine on which the web
server runs has restricted logins so I know that if someone
was able to log into the web server, then I can allow them
to log into MySQL server without a password (I still put in
a user entry for them, so I can restrict which databases
they have priviledges for).

So basically, I need a scheme where PHP_AUTH_USER and
PHP_AUTH_PW will be set to real values, but I only want to
use PHP_AUTH_USER and I want to ignore PHP_AUTH_PW.

At the moment I have a patch which does the following:
If the connect with PHP_AUTH_USER and PHP_AUTH_PW fails,
then try again with PHP_AUTH_USER and no password.

Is this something you are considering ?

Would what you are considering meet my needs some other
way ?

Should I just add another server config variable which says
to retry with no password on failure ?

I'd really like to get something into the standard
distribution so that I don't have to patch each new version
of phpMyAdmin myself locally.

Rod Whitby

ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...

More information about the Developers mailing list