[Phpmyadmin-devel] speed improvement in auth_type cookie!

Garvin Hicking phpmyadmin at supergarv.de
Wed Nov 24 06:31:30 CET 2004

Hi Marc!

> Hi Garvin,
> this would mean that a stolen cookie can be used to authenticate.

Well, but let's say PMA is used on a host which is restricted via IP protection,
or an internal server, where you suppose no cookies can/will be stolen - the
only way for users without mcrypt would be to not use cookies; instead I would
think it would be better to offer them to turn of validity checking in that

But then again, I'm not much into all that Cookie-Stealing-Security issues. :)


Garvin Hicking   | Web-Entwickler | Make me happy:
www.supergarv.de | #ICQ 21392242  | http://wishes.garv.info/

More information about the Developers mailing list