[Phpmyadmin-devel] about root with no pass
Sebastian Mendel
lists at sebastianmendel.de
Tue Aug 7 14:53:04 CEST 2007
Hi,
even if it is a good feature to run phpMyAdmin out of the box on a dev
system with root and no pw i think we should limit this ...
possible we could add an config switch and/or version check
if version is dev, from svn or forced by config
($cfg['allow_root_with_no_pw']) allow root with no pass
if version is release deny root with no password (except it is forced by
config switch to be allowed)
and phpMyAdmin should trigger_error to log this error and report a generic
security error message to the user 'security error, please check php errror
log for further details'
what do you think about?
--
Sebastian
More information about the Developers
mailing list