[Phpmyadmin-devel] fallback login to http or cookie when config
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Thu Mar 22 12:13:56 CET 2007
Sebastian Mendel a écrit :
> Hi,
>
> how about fall back to cookie or http auth if config auth fails?
>
> would make it more easy to run phpMyAdmin out of the box (at least for
> localhost)
>
> but only if config is set to root without password
>
> if config_auth_fail, user == 'root', pw == ''
> than switch to cookie auth
> and display message about it
>
>
I would prefer to remove "config" auth. Now that we require cookie
support in browser, I don't see any advantage for "config" auth, only
security issues because their user/password in the file, which requires
protection on the web-server level and protection from spies on a shared
server.
Setup script already generates a blowfish secret.
Our config sample uses "cookie" auth as default.
Marc
More information about the Developers
mailing list