[Phpmyadmin-devel] Default configuration

Thijs Kinkhorst thijs at debian.org
Wed Sep 3 12:50:38 CEST 2008


On Wednesday 3 September 2008 11:53, Michal Čihař wrote:
> 1. Disallow logging in as root without password unless explicitly
> allowed in our config file.
>
> 2. Make cookie the default authentication method.
>
> 3. If no Blowfish secret is set, generate one on the fly and store it
> in the session - it should work for login, but it won't allow to recall
> username on next login, but if user wants this feature, he needs to set
> the secret in config.
>
> Opinions to make such change in trunk?

I'd be in favour. Especially the root-without-password issue seems to pop up 
from time to time, and I think that the number of users that willingly want 
to open up access for root+"" is very small. You could add an extra check if 
REMOTE_ADDR != 127.0.0.1, so localhost,root,"" is still possible as it would 
be with the mysql command line client, but any truly remote access isn't.



cheers,
Thijs
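
The check proposed in the reply above, sketched as an added example; it is not part of the original message and not phpMyAdmin's code. The config key `AllowEmptyRootPassword` and both function names are hypothetical, and the example goes beyond the literal `127.0.0.1` comparison by also treating the rest of 127.0.0.0/8 and IPv6 `::1` as local.

```php
<?php
// Added example, not phpMyAdmin code. 'AllowEmptyRootPassword' is a
// hypothetical key standing in for the "explicitly allowed" config switch.

/** True only for loopback peers: 127.0.0.0/8, ::1, or ::ffff:127.x.x.x. */
function is_loopback(string $remoteAddr): bool
{
    $packed = @inet_pton($remoteAddr);
    if ($packed === false) {
        return false;                       // unparsable address: treat as remote
    }
    if (strlen($packed) === 4) {
        return ord($packed[0]) === 127;     // IPv4 loopback range
    }
    if ($packed === inet_pton('::1')) {
        return true;                        // IPv6 loopback
    }
    $mappedPrefix = str_repeat("\0", 10) . "\xff\xff";
    return substr($packed, 0, 12) === $mappedPrefix && ord($packed[12]) === 127;
}

/** Pre-authentication policy gate; MySQL still verifies the credentials. */
function empty_root_login_allowed(string $user, string $password, string $remoteAddr, array $cfg): bool
{
    if ($user !== 'root' || $password !== '') {
        return true;                        // policy only covers root with ""
    }
    if (!empty($cfg['AllowEmptyRootPassword'])) {
        return true;                        // administrator opted in explicitly
    }
    // Use the socket peer address only, never X-Forwarded-For. Behind a
    // reverse proxy on the same host every client appears as 127.0.0.1,
    // so this exception must not be relied on in that deployment.
    return is_loopback($remoteAddr);
}

// Constructed sample requests: user, password, REMOTE_ADDR, config.
$cases = [
    ['root', '',       '127.0.0.1',    []],
    ['root', '',       '::1',          []],
    ['root', '',       '203.0.113.10', []],
    ['root', '',       '203.0.113.10', ['AllowEmptyRootPassword' => true]],
    ['root', 's3cret', '203.0.113.10', []],
];
foreach ($cases as [$user, $pw, $ip, $cfg]) {
    $verdict = empty_root_login_allowed($user, $pw, $ip, $cfg) ? 'allow' : 'deny';
    printf("%-4s pw=%-8s from %-13s optin=%d => %s\n",
        $user, var_export($pw, true), $ip, (int) !empty($cfg), $verdict);
}
```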