[Phpmyadmin-devel] fallback login to http or cookie when config fails?

Sebastian Mendel lists at sebastianmendel.de
Fri Mar 23 08:47:15 CET 2007

Juergen Wind schrieb:
> Sebastian Mendel wrote:
>> Michal Čihař schrieb:
>>> Hi
>>> On Thu, 22 Mar 2007 09:29:09 +0100
>>> Sebastian Mendel <lists at sebastianmendel.de> wrote:
>>>> how about fall back to cookie or http auth if config auth fails?
>>>> would make it more easy to run phpMyAdmin out of the box (at least for
>>>> localhost)
>>>> but only if config is set to root without password
>>>> if config_auth_fail, user == 'root', pw == ''
>>>> than switch to cookie auth
>>>> and display message about it
>>> I already saw request on some generic fallback configuration scheme
>>> somewhere, but I'm unable to find it right now...
>> but i am not sure ... it gives everybody the possibility for bruteforce
>> attacks on new installations ... or?
>> btw. we have no protection against bruteforce, or?
>> such a protection would require a shared place to store data: db, shmem or
>> file
> being granted all rights if there is no config.inc and if root has no pw set
> in mysql is even worse, isn't it? 

yes, thats why i wrote forget about it ...


More information about the Developers mailing list