[Phpmyadmin-devel] fallback login to http or cookie when config fails?
Sebastian Mendel
lists at sebastianmendel.de
Thu Mar 22 13:32:19 CET 2007
Sebastian Mendel schrieb:
> Michal Čihař schrieb:
>> Hi
>>
>> On Thu, 22 Mar 2007 09:29:09 +0100
>> Sebastian Mendel <lists at sebastianmendel.de> wrote:
>>
>>> how about fall back to cookie or http auth if config auth fails?
>>>
>>> would make it more easy to run phpMyAdmin out of the box (at least for
>>> localhost)
>>>
>>> but only if config is set to root without password
>>>
>>> if config_auth_fail, user == 'root', pw == ''
>>> than switch to cookie auth
>>> and display message about it
>> I already saw request on some generic fallback configuration scheme
>> somewhere, but I'm unable to find it right now...
>
> but i am not sure ... it gives everybody the possibility for bruteforce
> attacks on new installations ... or?
weird ... just forget about this ...
> btw. we have no protection against bruteforce, or?
>
> such a protection would require a shared place to store data: db, shmem or file
--
Sebastian Mendel
www.sebastianmendel.de
More information about the Developers
mailing list