[Phpmyadmin-devel] fallback login to http or cookie when config fails?
Sebastian Mendel
lists at sebastianmendel.de
Thu Mar 22 10:27:08 CET 2007
Michal Čihař schrieb:
> Hi
>
> On Thu, 22 Mar 2007 09:29:09 +0100
> Sebastian Mendel <lists at sebastianmendel.de> wrote:
>
>> how about fall back to cookie or http auth if config auth fails?
>>
>> would make it more easy to run phpMyAdmin out of the box (at least for
>> localhost)
>>
>> but only if config is set to root without password
>>
>> if config_auth_fail, user == 'root', pw == ''
>> than switch to cookie auth
>> and display message about it
>
> I already saw request on some generic fallback configuration scheme
> somewhere, but I'm unable to find it right now...
but i am not sure ... it gives everybody the possibility for bruteforce
attacks on new installations ... or?
btw. we have no protection against bruteforce, or?
such a protection would require a shared place to store data: db, shmem or file
--
Sebastian Mendel
www.sebastianmendel.de
More information about the Developers
mailing list