[Phpmyadmin-devel] fallback login to http or cookie when config fails?
Juergen Wind
jwind at gmx.de
Fri Mar 23 00:56:55 CET 2007
Sebastian Mendel wrote:
>
> Michal Čihař schrieb:
>> Hi
>>
>> On Thu, 22 Mar 2007 09:29:09 +0100
>> Sebastian Mendel <lists at sebastianmendel.de> wrote:
>>
>>> how about fall back to cookie or http auth if config auth fails?
>>>
>>> would make it more easy to run phpMyAdmin out of the box (at least for
>>> localhost)
>>>
>>> but only if config is set to root without password
>>>
>>> if config_auth_fail, user == 'root', pw == ''
>>> than switch to cookie auth
>>> and display message about it
>>
>> I already saw request on some generic fallback configuration scheme
>> somewhere, but I'm unable to find it right now...
>
> but i am not sure ... it gives everybody the possibility for bruteforce
> attacks on new installations ... or?
>
> btw. we have no protection against bruteforce, or?
>
> such a protection would require a shared place to store data: db, shmem or
> file
>
> --
> Sebastian Mendel
>
>
being granted all rights if there is no config.inc and if root has no pw set
in mysql is even worse, isn't it?
--
View this message in context: http://www.nabble.com/fallback-login-to-http-or-cookie-when-config-fails--tf3446139.html#a9626681
Sent from the phpmyadmin-devel mailing list archive at Nabble.com.
More information about the Developers
mailing list