[Phpmyadmin-devel] fallback login to http or cookie when config fails?

Sebastian Mendel lists at sebastianmendel.de
Thu Mar 22 10:27:08 CET 2007

Michal Čihař schrieb:
> Hi
> On Thu, 22 Mar 2007 09:29:09 +0100
> Sebastian Mendel <lists at sebastianmendel.de> wrote:
>> how about fall back to cookie or http auth if config auth fails?
>> would make it more easy to run phpMyAdmin out of the box (at least for
>> localhost)
>> but only if config is set to root without password
>> if config_auth_fail, user == 'root', pw == ''
>> than switch to cookie auth
>> and display message about it
> I already saw request on some generic fallback configuration scheme
> somewhere, but I'm unable to find it right now...

but i am not sure ... it gives everybody the possibility for bruteforce
attacks on new installations ... or?

btw. we have no protection against bruteforce, or?

such a protection would require a shared place to store data: db, shmem or file

Sebastian Mendel


More information about the Developers mailing list