[Phpmyadmin-devel] Default configuration

Michal Čihař michal at cihar.com
Wed Sep 3 11:53:37 CEST 2008


Hi all

since ever, our default configuration has been config, which matches MySQL
defaults. However, we all know it is not really a good option from
a security point of view, because it might expose the MySQL server of an
inexperienced user to the public. I think it's time to change this.

1. Disallow logging in as root without password unless explicitly
allowed in our config file.

2. Make cookie the default authentication method.

3. If no Blowfish secret is set, generate one on the fly and store it
in the session - it should work for login, but it won't allow recalling
the username on next login, but if the user wants this feature, he needs
to set the secret in config.

Opinions on making such a change in trunk?

-- 
	Michal Čihař | http://cihar.com | http://phpmyadmin.cz
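
The three proposed defaults, sketched in PHP as an added example that is not part of the original message and is not phpMyAdmin's code. The function names, the `AllowRootNoPassword` key and the `auto_blowfish_secret` session key are hypothetical; `auth_type` and `blowfish_secret` are the existing config settings.

```php
<?php
// Added illustration only; helper names and 'AllowRootNoPassword' are hypothetical.

/** Point 2: fall back to cookie auth when the config does not choose a method. */
function effective_auth_type(array $server): string
{
    return $server['auth_type'] ?? 'cookie';
}

/** Point 1: refuse root with an empty password unless the config opts in. */
function login_allowed(array $server, string $user, string $password): bool
{
    if ($user === 'root' && $password === '') {
        return ($server['AllowRootNoPassword'] ?? false) === true;
    }
    return true; // every other login is left to MySQL to accept or reject
}

/** Point 3: use the configured secret, else a random one kept in the session. */
function cookie_secret(array $cfg, array &$session): string
{
    if (($cfg['blowfish_secret'] ?? '') !== '') {
        return $cfg['blowfish_secret'];
    }
    if (!isset($session['auto_blowfish_secret'])) {
        // 16 random bytes from the OS CSPRNG, hex-encoded
        $session['auto_blowfish_secret'] = bin2hex(random_bytes(16));
    }
    return $session['auto_blowfish_secret'];
}

// Constructed sample: an untouched config with no auth_type and no secret.
$cfg = ['blowfish_secret' => '', 'Servers' => [1 => ['host' => 'localhost']]];
$session = []; // stands in for $_SESSION

var_dump(effective_auth_type($cfg['Servers'][1]));
var_dump(login_allowed($cfg['Servers'][1], 'root', ''));

// Within one session the generated secret is stable, so login works.
$first = cookie_secret($cfg, $session);
var_dump($first === cookie_secret($cfg, $session));

// A later session generates a different secret, so a username cookie
// encrypted under the old one can no longer be decrypted.
$later = [];
var_dump($first === cookie_secret($cfg, $later));
```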