[Phpmyadmin-devel] fallback login to http or cookie when config fails?
Sebastian Mendel
lists at sebastianmendel.de
Fri Mar 23 08:47:15 CET 2007
Juergen Wind schrieb:
>
>
> Sebastian Mendel wrote:
>> Michal Čihař schrieb:
>>> Hi
>>>
>>> On Thu, 22 Mar 2007 09:29:09 +0100
>>> Sebastian Mendel <lists at sebastianmendel.de> wrote:
>>>
>>>> how about fall back to cookie or http auth if config auth fails?
>>>>
>>>> would make it more easy to run phpMyAdmin out of the box (at least for
>>>> localhost)
>>>>
>>>> but only if config is set to root without password
>>>>
>>>> if config_auth_fail, user == 'root', pw == ''
>>>> than switch to cookie auth
>>>> and display message about it
>>> I already saw request on some generic fallback configuration scheme
>>> somewhere, but I'm unable to find it right now...
>> but i am not sure ... it gives everybody the possibility for bruteforce
>> attacks on new installations ... or?
>>
>> btw. we have no protection against bruteforce, or?
>>
>> such a protection would require a shared place to store data: db, shmem or
>> file
>
> being granted all rights if there is no config.inc and if root has no pw set
> in mysql is even worse, isn't it?
yes, thats why i wrote forget about it ...
--
Sebastian
More information about the Developers
mailing list