[Phpmyadmin-devel] Re: IP Allow/Deny code

[Rabus]

----- Original Message -----
From: "Loïc" <loic-div at ifrance.com>

> But I've got a question: imagine that the script detects the user is
> behind a proxy but can't get the true ip of this user. What should we
> do in this case? (Currently, the script allow the user to log in).

We must change this. It would be to insecure if we'd let the user log in
without knowing its IP!

> BTW what do you think of adding some warning in the documentation
> about this feature because it's a security mechanism for phpMyAmin
> only and not for MySQL itself and I'm afraid some end-users would
> be a bit confused else.

Of course we should do that.
And we'd also better add a warning about the proxy problem if we cannot
solve it.

Alexander