[Phpmyadmin-devel] fallback login to http or cookie when config fails?

Sebastian Mendel lists at sebastianmendel.de
Fri Mar 23 08:47:15 CET 2007


Juergen Wind schrieb:
> 
> 
> Sebastian Mendel wrote:
>> Michal Čihař schrieb:
>>> Hi
>>>
>>> On Thu, 22 Mar 2007 09:29:09 +0100
>>> Sebastian Mendel <lists at sebastianmendel.de> wrote:
>>>
>>>> how about fall back to cookie or http auth if config auth fails?
>>>>
>>>> would make it more easy to run phpMyAdmin out of the box (at least for
>>>> localhost)
>>>>
>>>> but only if config is set to root without password
>>>>
>>>> if config_auth_fail, user == 'root', pw == ''
>>>> than switch to cookie auth
>>>> and display message about it
>>> I already saw request on some generic fallback configuration scheme
>>> somewhere, but I'm unable to find it right now...
>> but i am not sure ... it gives everybody the possibility for bruteforce
>> attacks on new installations ... or?
>>
>> btw. we have no protection against bruteforce, or?
>>
>> such a protection would require a shared place to store data: db, shmem or
>> file
> 
> being granted all rights if there is no config.inc and if root has no pw set
> in mysql is even worse, isn't it? 

yes, thats why i wrote forget about it ...

-- 
Sebastian




More information about the Developers mailing list