[Phpmyadmin-devel] Re: MAJOR security hole

Lo�c loic-div at ifrance.com
Mon Aug 12 05:34:02 CEST 2002

Hi List!

> I've just had a major security hole reported to me by
> Colin Keigher (AnimeFreak) <animefreak at users.sourceforge.net>
> It relates to how some sites have PMA set up (they have username
> and password hardcoded, without any .htaccess protection).

Well it's not really a phpMyAdmin security hole. It's
up to the user to take care about such a problem.
Maybe we can add some words about the way to build an
".htaccess" file in the documentation.

> With using some of these URL's you can do stuff like:

As far as I remember, this issue has been fixed a long
time ago. A report about this problem were written by
SecureReality and we fixed it just after the 2.1.0


Pour mieux recevoir vos emails, utilisez un PC plus performant !
Découvrez la nouvelle gamme DELL en exclusivité sur i (france)

More information about the Developers mailing list