[Phpmyadmin-devel] fallback login to http or cookie when config

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Thu Mar 22 12:13:56 CET 2007

Sebastian Mendel a écrit :
> Hi,
> how about fall back to cookie or http auth if config auth fails?
> would make it more easy to run phpMyAdmin out of the box (at least for
> localhost)
> but only if config is set to root without password
> if config_auth_fail, user == 'root', pw == ''
> than switch to cookie auth
> and display message about it

I would prefer to remove "config" auth. Now that we require cookie 
support in browser, I don't see any advantage for "config" auth, only 
security issues because their user/password in the file, which requires 
protection on the web-server level and protection from spies on a shared 

Setup script already generates a blowfish secret.

Our config sample uses "cookie" auth as default.

More information about the Developers mailing list