[Phpmyadmin-devel] insecure login

Rohit Kalhans rohit.kalhans at gmail.com
Tue Oct 26 08:57:11 CEST 2010


Isn't the secure sending of the username and password supposed to be
supported by the SSL connection between the client browser and the server
hosting PMA. i.e  hosting PMA on a server using https protocol?

On Tue, Oct 26, 2010 at 5:12 AM, Peter Miller <petermiller1986 at gmail.com>wrote:

> hi,
> i've recently been ramping up security on my server and i realised that
> phpmyadmin sends the username and password in plaintext accross the http
> connection from client to server when loging in. this seems like quite a
> security hole, so i just thought i'd see if there are any other options to
> use encryption on the username and password for the login page? i've had a
> bit of a look though the code but i couldnt see any options to 'turn on' a
> higher level of security so i'm guessing there currently isnt one. that
> being the case i'd be keen to implement a more secure login.
>
> what are everyone's thoughts on this?
>
> cheers
> pete
>
>
> ------------------------------------------------------------------------------
> Nokia and AT&T present the 2010 Calling All Innovators-North America
> contest
> Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in
> marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> Phpmyadmin-devel mailing list
> Phpmyadmin-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
>
>


-- 
Rohit Kalhans
blogfolio: http://info-rohit.co.cc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20101026/a500cb65/attachment.html>


More information about the Developers mailing list