[Phpmyadmin-devel] fallback login to http or cookie when config fails?

Sebastian Mendel lists at sebastianmendel.de
Thu Mar 22 13:32:19 CET 2007

Sebastian Mendel schrieb:
> Michal Čihař schrieb:
>> Hi
>> On Thu, 22 Mar 2007 09:29:09 +0100
>> Sebastian Mendel <lists at sebastianmendel.de> wrote:
>>> how about fall back to cookie or http auth if config auth fails?
>>> would make it more easy to run phpMyAdmin out of the box (at least for
>>> localhost)
>>> but only if config is set to root without password
>>> if config_auth_fail, user == 'root', pw == ''
>>> than switch to cookie auth
>>> and display message about it
>> I already saw request on some generic fallback configuration scheme
>> somewhere, but I'm unable to find it right now...
> but i am not sure ... it gives everybody the possibility for bruteforce
> attacks on new installations ... or?

weird ... just forget about this ...

> btw. we have no protection against bruteforce, or?
> such a protection would require a shared place to store data: db, shmem or file

Sebastian Mendel


More information about the Developers mailing list