[Phpmyadmin-trk-patches] [ phpmyadmin-Patches-777451 ] Improved Latex export
From: SourceForge.net - 2003-07-25 10:32:30

Patches item #777451, was opened at 2003-07-25 12:32
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=777451&group_id=23067

Category: Data insertion/extraction
Group: Work in progress
Status: Open
Resolution: None
Priority: 5
Submitted By: Kris Ven (hinayani)
Assigned to: Nobody/Anonymous (nobody)
Summary: Improved Latex export

Initial Comment:
While using phpMyAdmin to automatically generate documentation on my databases, I added the following improvements to the Latex export module (libraries/export/latex.php):

- The 'table' environment is removed, because otherwise the longtable is terminated anyway at the end of a page. Only the longtable environment is required.
- Table captions are included in the form "table x: Table " and "table x: Table (continued)" if the table spans multiple pages. This makes it easy to recognize the name of the table, since previously the name of the table wasn't included in the output.
- A label for each table is also exported in the form "\label{tab:table-}". This is easy when referring to the table in a text.
- Changed the format of the 'links to' field to '()', since the greater-than sign is a special character in Latex. See also bug 776957: http://sourceforge.net/tracker/index.php?func=detail&aid=776957&group_id=23067&atid=377408
- Fields that are part of the primary key of a table are highlighted in italic.
- Column headings are still centered, but the other rows can have alternative alignment (for example left for the field names).

The changes are limited to the 'structure' part of the script. No changes on the data exporting part are done.

The patch file attached is against version 1.2 of latex.php, as shipped with phpMyAdmin 2.5.2.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=777451&group_id=23067

[Phpmyadmin-trk-patches] [ phpmyadmin-Patches-760862 ] (in 2.5.2) Password encoding with blowfish
From: SourceForge.net - 2003-07-23 09:24:31

Patches item #760862, was opened at 2003-06-26 00:28
Message generated for change (Settings changed) made by garvinhicking
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=760862&group_id=23067

Category: None
Group: None
>Status: Closed
Resolution: Accepted
Priority: 1
Submitted By: Marc Delisle (lem9)
Assigned to: Marc Delisle (lem9)
Summary: (in 2.5.2) Password encoding with blowfish

Initial Comment:
To test, put this in libraries/auth. Please comment.
Those functions would go in cookie.auth.lib, to encode/decode the password to/from the cookies.

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-07-01 21:37

Message:
Logged In: YES
user_id=210714

Merged with your suggestion.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-07-01 14:10

Message:
Logged In: YES
user_id=192186

My comments:
1. it works okay, now we need to force everybody to choose his key
2. for deleting cookie, set it to '' and not PMA_blowfish_encrypt('', 'secret'), or is there something I'm missing?

IMHO this can go to CVS (+ user_password.php3 change).

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-30 13:16

Message:
Logged In: YES
user_id=210714

TODO: call blowfish in user_password.php3

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-30 13:11

Message:
Logged In: YES
user_id=210714

Please try blowfish.zip. Put the new cookie.auth.lib.php3 in /libraries/auth, and blowfish.php3 in /libraries.

For now, the secret is hardcoded, but I plan to use a secret entered in the config file, as I said in my previous message.

Tell me your feeling about the small time overhead.

Did not receive news from the Horde author of blowfish.php, but I guess LGPL permits us to include this.

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-28 12:55

Message:
Logged In: YES
user_id=210714

Ok my tests with blowfish look good, I just asked a few remaining questions to the author.

I think it will be more secure to force users (installers) of the cookie mode, to enter their own secret key in the config file, and we should even refuse, with an appropriate error message, to process cookie mode without a secret key.

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-26 15:33

Message:
Logged In: YES
user_id=210714

Well, he could decode anyone else's password, only for users of the same phpMyAdmin installation. So this reduces the number of potential attackers.

I will try to understand blowfish and come back here.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-26 12:47

Message:
Logged In: YES
user_id=192186

I'm not expert on ciphers, but the one used in attached code allows you to acquire "secret" when you know original text and ciphered text. This should not be possible and I expect that using something like Blowfish would not allow this.

If we would use this code, user can get "secret" just by subtracting his password from ciphered password. And then he could decode anyone else's password...

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-26 12:38

Message:
Logged In: YES
user_id=210714

Michal, phpMyAdmin would not know the original text, as it only gets the ciphered one from the cookie.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-26 12:25

Message:
Logged In: YES
user_id=192186

When using some salt and better encryption, you IMHO can't figure out the secret key when you know original text and ciphered text.

In horde it is Cipher.php and Secret.php (this uses mcrypt if available, if not it uses Cipher.php).

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-26 12:09

Message:
Logged In: YES
user_id=210714

Michal, whatever we use in the algorithm, an attacker which has login on the same server can replay it, no?

About horde, in which module is there code for encryption?

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-26 08:36

Message:
Logged In: YES
user_id=192186

This adds some security, but not much. If you have login to phpMyAdmin, you can obtain "secret" key easily. We should use something better than just adding/subtracting values.

There are IMHO two possibilities - using mcrypt or some php code to encrypt. Mcrypt will increase our requirements for installed modules which is bad, php code has speed reduction, but it should not hurt for such small things as passwords.

During quick search I found that Horde (http://horde.org/) contains such code and it is licensed under LGPL, so we could use it...

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=760862&group_id=23067

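The known-plaintext objection raised in the item above, as an added example (not the code attached to the tracker item, which is not reproduced in this archive, and not phpMyAdmin's blowfish.php3). `toy_add_encrypt()` is a constructed stand-in for an add/subtract scheme, `leaks_keystream()` is a hypothetical regression check, libsodium's secretbox (bundled with PHP 7.2+, arrow functions need 7.4) is swapped in for the Blowfish class, and `cookie_key()` applies the "refuse cookie mode without a secret key" rule from lem9's comment.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for an "adding/subtracting values" cipher: each
// plaintext byte is shifted by the matching byte of a repeating secret.
function toy_add_encrypt(string $plain, string $secret): string
{
    $out = '';
    for ($i = 0, $n = strlen($plain); $i < $n; $i++) {
        $out .= chr((ord($plain[$i]) + ord($secret[$i % strlen($secret)])) % 256);
    }
    return $out;
}

// Byte-wise (cipher - plain) mod 256 over the bytes both strings have.
function byte_difference(string $plain, string $cipher): string
{
    $out = '';
    for ($i = 0, $n = min(strlen($plain), strlen($cipher)); $i < $n; $i++) {
        $out .= chr((ord($cipher[$i]) - ord($plain[$i]) + 256) % 256);
    }
    return $out;
}

// Hypothetical regression check: a scheme fails if ciphertext minus plaintext
// is identical for two unrelated plaintexts, because that difference is then
// key material any user can compute from their own password and cookie.
function leaks_keystream(callable $encrypt): bool
{
    $a = 'alice-password';   // constructed sample values of equal length
    $b = 'bobs-passw0rd!';
    return byte_difference($a, $encrypt($a)) === byte_difference($b, $encrypt($b));
}

// Refuse to run cookie mode without a configured secret.
function cookie_key(string $configuredSecret): string
{
    if ($configuredSecret === '') {
        throw new RuntimeException('Cookie auth needs a secret key in the config file.');
    }
    // Assumption: the configured secret is a long random string; it is hashed
    // only to bring it to the key size secretbox expects.
    return sodium_crypto_generichash($configuredSecret, '', SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
}

// Authenticated encryption with a fresh random nonce per cookie.
function seal_cookie(string $password, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($password, $nonce, $key);
}

// Returns the password, or null if the cookie is truncated or was modified.
function open_cookie(string $sealed, string $key): ?string
{
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($sealed) < $min) {
        return null;
    }
    $nonce = substr($sealed, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $body  = substr($sealed, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($body, $nonce, $key);
    return $plain === false ? null : $plain;
}

$secret = 'constructed-config-secret-0123456789';   // constructed sample secret
$key    = cookie_key($secret);

// Run the same check against both schemes.
var_dump(leaks_keystream(fn(string $p): string => toy_add_encrypt($p, $secret)));
var_dump(leaks_keystream(fn(string $p): string => seal_cookie($p, $key)));

// Round trip through a cookie-safe encoding.
$cookie = base64_encode(seal_cookie('alice-password', $key));
var_dump(open_cookie(base64_decode($cookie), $key) === 'alice-password');

// Flip one bit inside the authentication tag: the cookie is rejected.
$tampered = base64_decode($cookie);
$tampered[30] = chr(ord($tampered[30]) ^ 1);
var_dump(open_cookie($tampered, $key));

// An empty secret is refused with an error message.
try {
    cookie_key('');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The check reports the additive scheme as leaking and the nonce-based authenticated scheme as not leaking, which is the property nijel asks for in the thread.
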
[Phpmyadmin-trk-patches] [ phpmyadmin-Patches-757907 ] (in 2.5.2) PDF DHTML editing/positioning control
From: SourceForge.net - 2003-07-23 09:24:20

Patches item #757907, was opened at 2003-06-20 14:10
Message generated for change (Settings changed) made by garvinhicking
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=757907&group_id=23067

Category: PDF
Group: Finished, needs basic tests
>Status: Closed
Resolution: None
Priority: 1
Submitted By: Garvin Hicking (garvinhicking)
Assigned to: Garvin Hicking (garvinhicking)
Summary: (in 2.5.2) PDF DHTML editing/positioning control

Initial Comment:
Here's a DHTML (IE5/Mozilla-compatible) control to easily WYSIWYG control the positioning of PDF elements.

See patched Documentation.html for the notes.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-23 12:30

Message:
Logged In: YES
user_id=192186

Looks great, good work Garvin.

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-20 18:21

Message:
Logged In: YES
user_id=210714

Ok for me. The function is LGPL.

----------------------------------------------------------------------

Comment By: Garvin Hicking (garvinhicking)
Date: 2003-06-20 17:59

Message:
Logged In: YES
user_id=473563

Any objections to put this into CVS upcoming Monday (2003-06-23)?

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-20 16:51

Message:
Logged In: YES
user_id=210714

Yes! thanks. A very welcome addition!

----------------------------------------------------------------------

Comment By: Garvin Hicking (garvinhicking)
Date: 2003-06-20 14:18

Message:
Logged In: YES
user_id=473563

Forgot to mention that currently I did not put the new language variables in the patch and hardcoded the messages.

The new strings will be:

'toggle Drag and Drop area'
'reset'

I will also remove the DOS CR/LFs in the dom-drag.js file.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=757907&group_id=23067

[Phpmyadmin-trk-patches] [ phpmyadmin-Patches-749704 ] (in 2.5.2) Export rework
From: SourceForge.net - 2003-07-23 09:24:09

Patches item #749704, was opened at 2003-06-05 18:10
Message generated for change (Settings changed) made by garvinhicking
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=749704&group_id=23067

Category: Data insertion/extraction
Group: None
>Status: Closed
Resolution: Accepted
Priority: 1
Submitted By: Michal Čihař (nijel)
Assigned to: Michal Čihař (nijel)
Summary: (in 2.5.2) Export rework

Initial Comment:
Here is first working version of export rework.

Highlights:
- support for exporting selected databases (now you can eg. export all databases into one huge CSV file, really useful feature, but it was no work to implement it :-))
- if not needed buffering, output is sent directly
- unifies all export, so there is now more common code
- sql export can contain relations and mime types in comments

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-10 13:06

Message:
Logged In: YES
user_id=210714

Just did a checkout and no more export options problem here.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-10 12:35

Message:
Logged In: YES
user_id=192186

Okay, merged.

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-10 12:24

Message:
Logged In: YES
user_id=210714

Ok for CVS.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-10 07:15

Message:
Logged In: YES
user_id=192186

Anyway, I don't see any major problems with this, okay to put it into CVS?

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-10 07:14

Message:
Logged In: YES
user_id=192186

Export options are working okay for me (Mozilla 1.4b, Konqueror 3.1.1). And I didn't change anything except building SQL dump between 4 and 5, so if previous version worked, this one should also... Eh, I just noticed, that I broke french translation by version 5, couldn't this be a problem?

I don't know about extensions, I never had such problems in Mozilla under Linux...

About compression: The resulting output will be made of smaller "files" = there repeat gzip/bzip2 headers, so problems could occur only when something doesn't treat such files as one and this can not be detected...

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-09 21:39

Message:
Logged In: YES
user_id=210714

About version 5: I confirm the problem is fixed.

However in this version, in Mozilla 1.3 all the export options are displayed on the same page, instead of being dynamic.

About bzip2/gzip chunks, if you want to implement it, I suggest
- check the bzip2 version (here phpinfo says 1.0.0, 16-May-2000)
and/or
- a tick box on the interface to enable this new transmit mode, so that users can experiment with their system

BTW, I still have with Mozilla 1.3 (Windows) the problem that a .php3 suffix is appended to the normal extension (.csv, .sql) on an export. IE6 is ok on this.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-09 13:18

Message:
Logged In: YES
user_id=192186

About compression: for gzip and bzip, it is possible to compress smaller blocks, and send them during dumping (at least my bzip2/gzip handles this okay). It would decrease compression, but it could workaround memory limits. Implementation IMHO shouldn't be hard, but maybe some gzip/bzip2 versions could have problems with such files... Your opinion?

Anyway we should document that there can be memory limits for compressed dumps... But I'll write something, as soon as changes will become final :-)

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-09 09:47

Message:
Logged In: YES
user_id=192186

Should be fixed now (version 5), thanks for testing.

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-06 15:53

Message:
Logged In: YES
user_id=210714

It happens when there are no column-comments or MIME-types for a table.

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-06 15:42

Message:
Logged In: YES
user_id=210714

Michal,

when trying Add into comments: comments (or MIME-type), I get

Variable passed to each() is not an array or object in /usr/local/etc/www/si/php/phpMyAdmin/libraries/export/sql.php3 on line 248

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-06 15:38

Message:
Logged In: YES
user_id=210714

yes! Now finally, exporting big databases is possible (if not compressed)!

Should we add a warning about the fact that, if using compression, the user may face some time or memory limits on the server?

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-06 14:14

Message:
Logged In: YES
user_id=192186

Version 4 is just rediff to current cvs, because translations have changed.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-06 09:28

Message:
Logged In: YES
user_id=192186

New version again, previous contained quite a lot of garbage, now it should be okay.

Changes: code cleanup, added docs

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-05 21:09

Message:
Logged In: YES
user_id=192186

New version of patch, removes some things that shouldn't be in and adds config options for exports.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=749704&group_id=23067

[Phpmyadmin-trk-patches] [ phpmyadmin-Patches-705727 ] (session - after 2.5.0) md5/cookie auth method (non-SSL)
From: SourceForge.net - 2003-07-23 09:23:37

Patches item #705727, was opened at 2003-03-18 17:34
Message generated for change (Comment added) made by garvinhicking
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=705727&group_id=23067

Category: Authentification issues
Group: None
>Status: Closed
>Resolution: Out of Date
>Priority: 1
Submitted By: Paul Johe (pdjohe)
Assigned to: Nobody/Anonymous (nobody)
Summary: (session - after 2.5.0) md5/cookie auth method (non-SSL)

Initial Comment:
The attached files are an update to the cookie authentication method so that the password can be sent as a hash over the internet, useful over non-SSL connections.

The method I use on my site uses a random session variable which is sent with the form (CHAP login method) as to prevent a replay attack (eavesdropping). Before the form is sent, the random session variable and the entered password values are changed to md5 hashes and then sent. The received hash values are matched against the md5 hashes of the random session variable and the md5 hash of the password entered in the config under the matched username in the config. If matched, the password entered in the config is used to validate the mysql login.

Thoughts, suggestions?

Paul Johe

(Note: the attached md5 javascript library was written by Paul Johnston and can be found at http://pajhome.org.uk/crypt/md5 )

----------------------------------------------------------------------

>Comment By: Garvin Hicking (garvinhicking)
Date: 2003-07-23 09:23

Message:
Logged In: YES
user_id=473563

As we're using blowfish now, I guess we can close this one down here?

----------------------------------------------------------------------

Comment By: Robin Johnson (robbat2)
Date: 2003-05-06 09:16

Message:
Logged In: YES
user_id=30201

Good to see somebody has taken the ideas I long had in the RFE/Bugs and implemented them.

Now seeing this, I have a further request of you if you have time. (I don't have time).

The current version you submitted only works for the simple auth types, as we don't need the actual password on the other end. However, for the more advanced authentication, we need the password on the other end to run the mysql_connect as we avoid letting the PMA user have access to the password field in the DB for security reasons.

Could you possibly create a variant of this using the UNIX crypt functions that Paul Johnston also wrote or any other 2 way encryption system?

For that, there will be 2 variables added to the form. First is a session identifier id. Second will be random session var for the pseudo-CHAP login. The javascript should use the random var for the salt, (possibly pre-pend the username to the password, and separate them with a specific symbol eg '|' for more entropy). Then the identifier gets sent back along with the username and encrypted password. We can decrypt this and use the output to try and authenticate against the database.

This isn't totally secure as somebody eavesdropping the entire session would be able to get the initial key and decrypt things but that is a price we have to pay for needing the password in plaintext at the server to login.

Another possibility would be the addition of a PMA_userauth user in mysql that is seriously locked down in our code and has just the read access to the mysql tables needed.

----------------------------------------------------------------------

Comment By: Paul Johe (pdjohe)
Date: 2003-03-18 18:04

Message:
Logged In: YES
user_id=601630

I attached a version of the config.auth.lib.php without sessions which could currently be used.

----------------------------------------------------------------------

Comment By: Garvin Hicking (garvinhicking)
Date: 2003-03-18 17:56

Message:
Logged In: YES
user_id=473563

I just had a look at your file and saw it really does use session_*() functions of PHP4. We will postpone this item and re-check it after our source rewrite coming after 2.5.0.

Regards,
Garvin.

----------------------------------------------------------------------

Comment By: Garvin Hicking (garvinhicking)
Date: 2003-03-18 17:47

Message:
Logged In: YES
user_id=473563

Moved to Patches.

Paul, can you please provide the files? They are currently missing in this tracker.

Please take into regard that currently phpMyAdmin has to be compatible to PHP3 and thus cannot use any Session-related features. The release after the 2.5.0 will most probably drop PHP3 support and we can then use sessions.

Regards,
Garvin.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=705727&group_id=23067

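The challenge-response login described in the item above, as an added sketch (not the files attached to the tracker item). The post does not show its exact hash formula, so the response here is assumed to bind the challenge and the password together as in CHAP; HMAC-SHA-256 is swapped in for the JavaScript md5 library, and `ChallengeStore`, `login_response()` and `verify_login()` are hypothetical names, with `ChallengeStore` standing in for the PHP session.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the PHP session that holds the random variable
// sent with the login form.
final class ChallengeStore
{
    /** @var array<string,string> session id => outstanding challenge */
    private $pending = [];

    public function issue(string $sessionId): string
    {
        $challenge = bin2hex(random_bytes(16));
        $this->pending[$sessionId] = $challenge;
        return $challenge;
    }

    // Single use: the challenge is removed whether or not the login succeeds,
    // so a response captured on the wire cannot be submitted a second time.
    public function take(string $sessionId): ?string
    {
        $challenge = $this->pending[$sessionId] ?? null;
        unset($this->pending[$sessionId]);
        return $challenge;
    }
}

// What the browser would compute before submitting the form; the clear-text
// password itself is never sent.
function login_response(string $challenge, string $password): string
{
    return hash_hmac('sha256', $challenge, hash('sha256', $password, true));
}

// Returns the password stored in the config for the matched user (to be used
// for the MySQL connection, as the post describes), or null on failure.
function verify_login(
    ChallengeStore $store,
    array $configUsers,
    string $sessionId,
    string $user,
    string $response
): ?string {
    $challenge = $store->take($sessionId);
    if ($challenge === null || !isset($configUsers[$user])) {
        return null;
    }
    $expected = login_response($challenge, $configUsers[$user]);
    // Constant-time comparison of the two responses.
    return hash_equals($expected, $response) ? $configUsers[$user] : null;
}

// Constructed sample config and session id.
$configUsers = ['webadmin' => 'constructed-db-password'];
$store = new ChallengeStore();

$challenge = $store->issue('sess-1');
$response  = login_response($challenge, 'constructed-db-password');

// First submission of the response.
var_dump(verify_login($store, $configUsers, 'sess-1', 'webadmin', $response) !== null);

// The same response submitted again after the challenge was consumed.
var_dump(verify_login($store, $configUsers, 'sess-1', 'webadmin', $response) !== null);

// A fresh challenge answered with the wrong password.
$challenge2 = $store->issue('sess-1');
$bad = login_response($challenge2, 'wrong-guess');
var_dump(verify_login($store, $configUsers, 'sess-1', 'webadmin', $bad) !== null);
```

Only the first call succeeds. The scheme depends on the server holding the password in its config, which is the limitation robbat2's comment raises for the other authentication modes.
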
[Phpmyadmin-trk-patches] [ phpmyadmin-Patches-773971 ] Export a Query
From: SourceForge.net - 2003-07-20 11:43:08

Patches item #773971, was opened at 2003-07-18 18:48
Message generated for change (Settings changed) made by lem9
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=773971&group_id=23067

Category: Data insertion/extraction
Group: None
>Status: Closed
>Resolution: Out of Date
Priority: 5
Submitted By: justin fiore (jfiore)
Assigned to: Nobody/Anonymous (nobody)
Summary: Export a Query

Initial Comment:
Hey List,

In PMA-2.3.3 there is no way to export a given query, only a way to export the whole table. I found this a bit inconvenient, so I wrote a little mod to add this capability. The zip file with the Modified files and documentation is attached. The documentation is as follows:

QUERY EXPORT MOD
Written By Justin M. Fiore
2003-07-18

PURPOSE: Adds ability to export a certain query instead of the whole table.

MOD CREATED FOR: PHPMyAdmin version 2.3.3

All Line numbers are based off VIRGIN SCRIPTS, meaning that you nor anyone else has modified them. That the lines are as they were when they were downloaded and extracted.

DISCLAIMER: This is not supported in any way shape or form. I made this, so I am sharing it. If you need help you can e-mail me though, jmf10024@... and I will try to find time to help you.

INSTALLATION: 2 methods
1. If you have the zip file with the php files you can copy my files to the proper locations in your directory structure
2. You can use the INSTRUCTIONS ON MODIFYING YOUR CODE (see below) to make the changes yourself.

INSTRUCTIONS ON MODIFYING YOUR CODE:
-replace "PMA_displayTable($result,$disp_mode, $analyzed_sql);" with "$export_goto = 'tbl_properties_export.php' . '?lang=' . $lang . '&convcharset=' .$convcharset . '&server=' . $server . '&db=' . urlencode($db) . '&table=' . urlencode($table) . '&pos=' .$pos . '&session_max_rows=' . $session_max_rows . '&disp_direction=' .$disp_direction . '&repeat_cells=' . $repeat_cells . '&dontlimitchars=' .$dontlimitchars . '&sql_query=' . urlencode($sql_query); ?> " />" to ./tbl_properties_export.php around line 32
-add " DUMP FOR QUERY:$dump_query"; } ?>" to ./tbl_properties_export.php around line 17
-Possibly comment out line 290 in ./tbl_dump.php
-replace "$local_query = 'SELECT * FROM ' . PMA_backquote($db) . '.' . PMA_backquote($table) .$add_query;" with "global $dump_query; global$db; if($dump_query!='') {$local_query = $dump_query; mysql_select_db($db); } else $local_query = 'SELECT * FROM ' . PMA_backquote($db) . '.' . PMA_backquote($table) .$add_query;" on lines 200, 542, and 628 in ./libraries/build_dump.lib.php

UPLOAD THE SCRIPTS AND TRY IT OUT

DONE.

//End Documentation

----------------------------------------------------------------------

Comment By: Alexander M. Turek (rabus)
Date: 2003-07-19 05:58

Message:
Logged In: YES
user_id=418833

Moved to patches.

I'm sorry, but we probably won't use your modifications because we have already implemented such a feature in our latest release candidate (2.5.2-rc2).

Furthermore, you have built your patch based on a rather old version of phpMyAdmin. Since then, many changes have been made, especially in the export code.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=773971&group_id=23067

[Phpmyadmin-trk-patches] [ phpmyadmin-Patches-773971 ] Export a Query
From: SourceForge.net - 2003-07-19 09:59:09

Patches item #773971, was opened at 2003-07-19 00:48
Message generated for change (Settings changed) made by rabus
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=773971&group_id=23067

>Category: Data insertion/extraction
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: justin fiore (jfiore)
Assigned to: Nobody/Anonymous (nobody)
Summary: Export a Query

Initial Comment:
Hey List,

In PMA-2.3.3 there is no way to export a given query, only a way to export the whole table. I found this a bit inconvenient, so I wrote a little mod to add this capability. The zip file with the Modified files and documentation is attached. The documentation is as follows:

QUERY EXPORT MOD
Written By Justin M. Fiore
2003-07-18

PURPOSE: Adds ability to export a certain query instead of the whole table.

MOD CREATED FOR: PHPMyAdmin version 2.3.3

All Line numbers are based off VIRGIN SCRIPTS, meaning that you nor anyone else has modified them. That the lines are as they were when they were downloaded and extracted.

DISCLAIMER: This is not supported in any way shape or form. I made this, so I am sharing it. If you need help you can e-mail me though, jmf10024@... and I will try to find time to help you.

INSTALLATION: 2 methods
1. If you have the zip file with the php files you can copy my files to the proper locations in your directory structure
2. You can use the INSTRUCTIONS ON MODIFYING YOUR CODE (see below) to make the changes yourself.

INSTRUCTIONS ON MODIFYING YOUR CODE:
-replace "PMA_displayTable($result,$disp_mode, $analyzed_sql);" with "$export_goto = 'tbl_properties_export.php' . '?lang=' . $lang . '&convcharset=' .$convcharset . '&server=' . $server . '&db=' . urlencode($db) . '&table=' . urlencode($table) . '&pos=' .$pos . '&session_max_rows=' . $session_max_rows . '&disp_direction=' .$disp_direction . '&repeat_cells=' . $repeat_cells . '&dontlimitchars=' .$dontlimitchars . '&sql_query=' . urlencode($sql_query); ?> " />" to ./tbl_properties_export.php around line 32
-add " DUMP FOR QUERY:$dump_query"; } ?>" to ./tbl_properties_export.php around line 17
-Possibly comment out line 290 in ./tbl_dump.php
-replace "$local_query = 'SELECT * FROM ' . PMA_backquote($db) . '.' . PMA_backquote($table) .$add_query;" with "global $dump_query; global$db; if($dump_query!='') {$local_query = $dump_query; mysql_select_db($db); } else $local_query = 'SELECT * FROM ' . PMA_backquote($db) . '.' . PMA_backquote($table) .$add_query;" on lines 200, 542, and 628 in ./libraries/build_dump.lib.php

UPLOAD THE SCRIPTS AND TRY IT OUT

DONE.

//End Documentation

----------------------------------------------------------------------

Comment By: Alexander M. Turek (rabus)
Date: 2003-07-19 11:58

Message:
Logged In: YES
user_id=418833

Moved to patches.

I'm sorry, but we probably won't use your modifications because we have already implemented such a feature in our latest release candidate (2.5.2-rc2).

Furthermore, you have built your patch based on a rather old version of phpMyAdmin. Since then, many changes have been made, especially in the export code.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=773971&group_id=23067

[Phpmyadmin-trk-patches] [ phpmyadmin-Patches-773971 ] Export a Query
From: SourceForge.net - 2003-07-19 09:58:28

Patches item #773971, was opened at 2003-07-19 00:48
Message generated for change (Comment added) made by rabus
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=773971&group_id=23067

>Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: justin fiore (jfiore)
Assigned to: Nobody/Anonymous (nobody)
>Summary: Export a Query

Initial Comment:
Hey List,

In PMA-2.3.3 there is no way to export a given query, only a way to export the whole table. I found this a bit inconvenient, so I wrote a little mod to add this capability. The zip file with the Modified files and documentation is attached. The documentation is as follows:

QUERY EXPORT MOD
Written By Justin M. Fiore
2003-07-18

PURPOSE: Adds ability to export a certain query instead of the whole table.

MOD CREATED FOR: PHPMyAdmin version 2.3.3

All Line numbers are based off VIRGIN SCRIPTS, meaning that you nor anyone else has modified them. That the lines are as they were when they were downloaded and extracted.

DISCLAIMER: This is not supported in any way shape or form. I made this, so I am sharing it. If you need help you can e-mail me though, jmf10024@... and I will try to find time to help you.

INSTALLATION: 2 methods
1. If you have the zip file with the php files you can copy my files to the proper locations in your directory structure
2. You can use the INSTRUCTIONS ON MODIFYING YOUR CODE (see below) to make the changes yourself.

INSTRUCTIONS ON MODIFYING YOUR CODE:
-replace "PMA_displayTable($result,$disp_mode, $analyzed_sql);" with "$export_goto = 'tbl_properties_export.php' . '?lang=' . $lang . '&convcharset=' .$convcharset . '&server=' . $server . '&db=' . urlencode($db) . '&table=' . urlencode($table) . '&pos=' .$pos . '&session_max_rows=' . $session_max_rows . '&disp_direction=' .$disp_direction . '&repeat_cells=' . $repeat_cells . '&dontlimitchars=' .$dontlimitchars . '&sql_query=' . urlencode($sql_query); ?> " />" to ./tbl_properties_export.php around line 32
-add " DUMP FOR QUERY:$dump_query"; } ?>" to ./tbl_properties_export.php around line 17
-Possibly comment out line 290 in ./tbl_dump.php
-replace "$local_query = 'SELECT * FROM ' . PMA_backquote($db) . '.' . PMA_backquote($table) .$add_query;" with "global $dump_query; global$db; if($dump_query!='') {$local_query = $dump_query; mysql_select_db($db); } else $local_query = 'SELECT * FROM ' . PMA_backquote($db) . '.' . PMA_backquote($table) .$add_query;" on lines 200, 542, and 628 in ./libraries/build_dump.lib.php

UPLOAD THE SCRIPTS AND TRY IT OUT

DONE.

//End Documentation

----------------------------------------------------------------------

>Comment By: Alexander M. Turek (rabus)
Date: 2003-07-19 11:58

Message:
Logged In: YES
user_id=418833

Moved to patches.

I'm sorry, but we probably won't use your modifications because we have already implemented such a feature in our latest release candidate (2.5.2-rc2).

Furthermore, you have built your patch based on a rather old version of phpMyAdmin. Since then, many changes have been made, especially in the export code.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=773971&group_id=23067

[Phpmyadmin-trk-patches] [ phpmyadmin-Patches-546785 ] (2.2.6) Http auth and IIS
From: SourceForge.net - 2003-07-12 13:26:26

Patches item #546785, was opened at 2002-04-21 11:42
Message generated for change (Comment added) made by lem9
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=546785&group_id=23067

Category: Authentification issues
Group: Unstable
>Status: Closed
Resolution: Accepted
Priority: 1
Submitted By: Loïc Chapeaux (loic1)
>Assigned to: Nobody/Anonymous (nobody)
Summary: (2.2.6) Http auth and IIS

Initial Comment:
From a user comment at the PHP manual:
----------------------------------------
// Fall back to the raw Authorization header when PHP_AUTH_USER / PHP_AUTH_PW are empty
if ($PHP_AUTH_USER == '' && $PHP_AUTH_PW == ''
    && isset($HTTP_AUTHORIZATION) && ereg('^Basic ', $HTTP_AUTHORIZATION))
{
    list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6)));
}

It worked for me on IIS 5 and PHP 4 in ISAPI

----------------------------------------------------------------------

>Comment By: Marc Delisle (lem9)
Date: 2003-07-12 09:26

Message:
Logged In: YES
user_id=210714

I close since this has been committed.

----------------------------------------------------------------------

Comment By: Garvin Hicking (garvinhicking)
Date: 2003-05-14 07:08

Message:
Logged In: YES
user_id=473563

I don't know anything of this, but this item has been in the patch tracker for quite a while. Is there news on this, or what will we do with this?

----------------------------------------------------------------------

Comment By: Alexander M. Turek (rabus)
Date: 2002-11-16 11:44

Message:
Logged In: YES
user_id=418833

Of course, I meant PHP as ISAPI, not MySQL :o)

----------------------------------------------------------------------

Comment By: Alexander M. Turek (rabus)
Date: 2002-11-16 11:43

Message:
Logged In: YES
user_id=418833

Tested with the current CVS version.

Windows NT 5.2 RC1
IIS 6.0
PHP 4.3.0-dev
MySQL 4.0.4-beta as ISAPI module

Unfortunately, it did NOT work.
I have an Apache 2 installed on the same machine (it's just listening to another port). Here, the authentication still works fine.

----------------------------------------------------------------------

Comment By: Loïc Chapeaux (loic1)
Date: 2002-09-25 08:02

Message:
Logged In: YES
user_id=144058

Also have a look at this PHP bug report:
http://bugs.php.net/bug.php?id=19207

Loïc

----------------------------------------------------------------------

Comment By: Loïc Chapeaux (loic1)
Date: 2002-08-30 08:24

Message:
Logged In: YES
user_id=144058

A user (Jeff Dale) is currently testing the fix and trying to improve it :)

Loïc

----------------------------------------------------------------------

Comment By: Loïc Chapeaux (loic1)
Date: 2002-07-08 05:06

Message:
Logged In: YES
user_id=144058

I don't know since I don't use IIS. It may work but I would like some user to test it for me...

Loïc

----------------------------------------------------------------------

Comment By: Robin Johnson (robbat2)
Date: 2002-06-20 22:48

Message:
Logged In: YES
user_id=30201

Has this been fixed?

----------------------------------------------------------------------

Comment By: Loïc Chapeaux (loic1)
Date: 2002-04-21 16:50

Message:
Logged In: YES
user_id=144058

Committed into the CVS tree. Testing is required.

Loïc

----------------------------------------------------------------------

Comment By: Loïc Chapeaux (loic1)
Date: 2002-04-21 12:51

Message:
Logged In: YES
user_id=144058

I've just attached to this thread the patch against the 2.2.6 release.

Loïc

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=546785&group_id=23067
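An added example, not from the thread or from phpMyAdmin, of parsing the Authorization header value that the initial comment above falls back to. The function name parse_basic_authorization() and the sample headers are constructed here; unlike the posted snippet it validates the base64 and splits on the first colon only.

```php
<?php
// Added example (not phpMyAdmin code): parse an "Authorization: Basic" header
// value for servers that do not populate PHP_AUTH_USER / PHP_AUTH_PW.

/**
 * Returns [user, password], or null when the header is not well-formed Basic auth.
 */
function parse_basic_authorization(string $header): ?array
{
    // The scheme name is case-insensitive; the credentials must be base64 text.
    if (!preg_match('/^Basic +([A-Za-z0-9+\/]+={0,2})$/i', trim($header), $m)) {
        return null;
    }
    // Strict mode returns false instead of silently skipping invalid characters.
    $decoded = base64_decode($m[1], true);
    if ($decoded === false) {
        return null;
    }
    // Split on the FIRST colon only: per RFC 7617 the user-id cannot contain
    // a colon, but the password can.
    $parts = explode(':', $decoded, 2);
    return count($parts) === 2 ? $parts : null;
}

// Constructed sample header values.
$samples = [
    'Basic ' . base64_encode('root:s3cret'),
    'basic ' . base64_encode('root:pa:ss:word'),  // colons inside the password
    'Basic ' . base64_encode('nocolon'),          // no separator at all
    'Basic !!!not-base64!!!',
    'Digest username="root"',                     // different scheme
];
foreach ($samples as $h) {
    $r = parse_basic_authorization($h);
    echo str_pad($h, 40), ' => ', $r === null ? 'rejected' : json_encode($r), "\n";
}

// For comparison: a split without a limit, as in the snippet quoted in the
// thread, keeps only the text up to the second colon as the password.
list($u, $p) = explode(':', 'root:pa:ss:word');
echo "unbounded explode gives password: $p\n";
```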
[Phpmyadmin-trk-patches] [ phpmyadmin-Patches-760862 ] (in 2.5.2) Password encoding with blowfish
From: SourceForge.net - 2003-07-01 21:37:55

Patches item #760862, was opened at 2003-06-25 20:28
Message generated for change (Comment added) made by lem9
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=760862&group_id=23067

Category: None
Group: None
Status: Open
>Resolution: Accepted
>Priority: 1
Submitted By: Marc Delisle (lem9)
Assigned to: Marc Delisle (lem9)
>Summary: (in 2.5.2) Password encoding with blowfish

Initial Comment:
To test, put this in libraries/auth.

Please comment. Those functions would go in cookie.auth.lib, to encode/decode the password to/from the cookies.

----------------------------------------------------------------------

>Comment By: Marc Delisle (lem9)
Date: 2003-07-01 17:37

Message:
Logged In: YES
user_id=210714

Merged with your suggestion.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-07-01 10:10

Message:
Logged In: YES
user_id=192186

My comments:

1. it works okay, now we need to force everybody to choose his key
2. for deleting cookie, set it to '' and not PMA_blowfish_encrypt('', 'secret'), or is there something I'm missing?

IMHO this can go to CVS (+ user_password.php3 change).

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-30 09:16

Message:
Logged In: YES
user_id=210714

TODO: call blowfish in user_password.php3

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-30 09:11

Message:
Logged In: YES
user_id=210714

Please try blowfish.zip. Put the new cookie.auth.lib.php3 in /libraries/auth, and blowfish.php3 in /libraries.

For now, the secret is hardcoded, but I plan to use a secret entered in the config file, as I said in my previous message.

Tell me your feeling about the small time overhead.

Did not receive news from the Horde author of blowfish.php, but I guess LGPL permits us to include this.

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-28 08:55

Message:
Logged In: YES
user_id=210714

Ok my tests with blowfish look good, I just asked a few remaining questions to the author.

I think it will be more secure to force users (installers) of the cookie mode, to enter their own secret key in the config file, and we should even refuse, with an appropriate error message, to process cookie mode without a secret key.

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-26 11:33

Message:
Logged In: YES
user_id=210714

Well, he could decode anyone else's password, only for users of the same phpMyAdmin installation. So this reduces the number of potential attackers.

I will try to understand blowfish and come back here.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-26 08:47

Message:
Logged In: YES
user_id=192186

I'm not an expert on ciphers, but the one used in the attached code allows you to acquire "secret" when you know the original text and the ciphered text. This should not be possible and I expect that using something like Blowfish would not allow this.

If we would use this code, a user can get "secret" just by subtracting his password from the ciphered password. And then he could decode anyone else's password...

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-26 08:38

Message:
Logged In: YES
user_id=210714

Michal, phpMyAdmin would not know the original text, as it only gets the ciphered one from the cookie.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-26 08:25

Message:
Logged In: YES
user_id=192186

When using some salt and better encryption, you IMHO can't figure out the secret key when you know the original text and the ciphered text.

In horde it is Cipher.php and Secret.php (this uses mcrypt if available, if not it uses Cipher.php).

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-26 08:09

Message:
Logged In: YES
user_id=210714

Michal, whatever we use in the algorithm, an attacker who has a login on the same server can replay it, no?

About horde, in which module is there code for encryption?

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-26 04:36

Message:
Logged In: YES
user_id=192186

This adds some security, but not much. If you have a login to phpMyAdmin, you can obtain the "secret" key easily. We should use something better than just adding/subtracting values.

There are IMHO two possibilities - using mcrypt or some php code to encrypt. Mcrypt will increase our requirements for installed modules which is bad, php code has speed reduction, but it should not hurt for such small things as passwords.

During a quick search I found that Horde (http://horde.org/) contains such code and it is licensed under LGPL, so we could use it...

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=760862&group_id=23067
[Phpmyadmin-trk-patches] [ phpmyadmin-Patches-760862 ] Password encoding with blowfish
From: SourceForge.net - 2003-07-01 14:10:50

Patches item #760862, was opened at 2003-06-26 02:28
Message generated for change (Comment added) made by nijel
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=760862&group_id=23067

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Marc Delisle (lem9)
Assigned to: Marc Delisle (lem9)
Summary: Password encoding with blowfish

Initial Comment:
To test, put this in libraries/auth.

Please comment. Those functions would go in cookie.auth.lib, to encode/decode the password to/from the cookies.

----------------------------------------------------------------------

>Comment By: Michal Čihař (nijel)
Date: 2003-07-01 16:10

Message:
Logged In: YES
user_id=192186

My comments:

1. it works okay, now we need to force everybody to choose his key
2. for deleting cookie, set it to '' and not PMA_blowfish_encrypt('', 'secret'), or is there something I'm missing?

IMHO this can go to CVS (+ user_password.php3 change).

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-30 15:16

Message:
Logged In: YES
user_id=210714

TODO: call blowfish in user_password.php3

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-30 15:11

Message:
Logged In: YES
user_id=210714

Please try blowfish.zip. Put the new cookie.auth.lib.php3 in /libraries/auth, and blowfish.php3 in /libraries.

For now, the secret is hardcoded, but I plan to use a secret entered in the config file, as I said in my previous message.

Tell me your feeling about the small time overhead.

Did not receive news from the Horde author of blowfish.php, but I guess LGPL permits us to include this.

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-28 14:55

Message:
Logged In: YES
user_id=210714

Ok my tests with blowfish look good, I just asked a few remaining questions to the author.

I think it will be more secure to force users (installers) of the cookie mode, to enter their own secret key in the config file, and we should even refuse, with an appropriate error message, to process cookie mode without a secret key.

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-26 17:33

Message:
Logged In: YES
user_id=210714

Well, he could decode anyone else's password, only for users of the same phpMyAdmin installation. So this reduces the number of potential attackers.

I will try to understand blowfish and come back here.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-26 14:47

Message:
Logged In: YES
user_id=192186

I'm not an expert on ciphers, but the one used in the attached code allows you to acquire "secret" when you know the original text and the ciphered text. This should not be possible and I expect that using something like Blowfish would not allow this.

If we would use this code, a user can get "secret" just by subtracting his password from the ciphered password. And then he could decode anyone else's password...

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-26 14:38

Message:
Logged In: YES
user_id=210714

Michal, phpMyAdmin would not know the original text, as it only gets the ciphered one from the cookie.

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-26 14:25

Message:
Logged In: YES
user_id=192186

When using some salt and better encryption, you IMHO can't figure out the secret key when you know the original text and the ciphered text.

In horde it is Cipher.php and Secret.php (this uses mcrypt if available, if not it uses Cipher.php).

----------------------------------------------------------------------

Comment By: Marc Delisle (lem9)
Date: 2003-06-26 14:09

Message:
Logged In: YES
user_id=210714

Michal, whatever we use in the algorithm, an attacker who has a login on the same server can replay it, no?

About horde, in which module is there code for encryption?

----------------------------------------------------------------------

Comment By: Michal Čihař (nijel)
Date: 2003-06-26 10:36

Message:
Logged In: YES
user_id=192186

This adds some security, but not much. If you have a login to phpMyAdmin, you can obtain the "secret" key easily. We should use something better than just adding/subtracting values.

There are IMHO two possibilities - using mcrypt or some php code to encrypt. Mcrypt will increase our requirements for installed modules which is bad, php code has speed reduction, but it should not hurt for such small things as passwords.

During a quick search I found that Horde (http://horde.org/) contains such code and it is licensed under LGPL, so we could use it...

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=377410&aid=760862&group_id=23067
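The objection raised in this tracker item (it appears in both notifications above), that an add/subtract encoding gives up its secret to anyone who knows one password and its cookie value, shown as an added example that is neither the attached code nor phpMyAdmin's. toy_shift() is an assumed stand-in for the attachment, which is not on this page, and seal() uses AES-256-GCM from PHP's openssl extension as a modern stand-in for the Blowfish code the thread adopted; all values are constructed.

```php
<?php
// Added example; toy_shift() is an ASSUMED stand-in for a scheme that "just
// adds/subtracts values". It is not the code attached to this tracker item.

// $sign = +1 encodes, -1 decodes: each byte is shifted by the matching key byte.
function toy_shift(string $text, string $key, int $sign): string
{
    $out = '';
    for ($i = 0, $n = strlen($text); $i < $n; $i++) {
        $k = ord($key[$i % strlen($key)]);
        $out .= chr((ord($text[$i]) + $sign * $k + 256) % 256);
    }
    return $out;
}

// Known plaintext: ciphertext byte minus plaintext byte is the key byte.
function recover_key_bytes(string $plain, string $cipher): string
{
    $out = '';
    for ($i = 0, $n = min(strlen($plain), strlen($cipher)); $i < $n; $i++) {
        $out .= chr((ord($cipher[$i]) - ord($plain[$i]) + 256) % 256);
    }
    return $out;
}

// Hardened form: refuse to run without a configured key, fresh nonce per cookie.
function seal(string $plain, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('cookie auth needs a 32-byte configured key');
    }
    $iv = random_bytes(12);
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

// Constructed values.
$secret = 'installwide-secret';
$mine   = toy_shift('my-own-password-123', $secret, +1);  // a user's own cookie
$theirs = toy_shift('admin-pass', $secret, +1);           // another user's cookie
$bytes  = recover_key_bytes('my-own-password-123', $mine);
echo 'key bytes from one known pair: ', $bytes, "\n";
echo 'other cookie decodes to:       ', toy_shift($theirs, $bytes, -1), "\n";

$key = random_bytes(32);  // stand-in for a per-installation key from the config file
echo 'sealing the same value twice differs: ',
    var_export(seal('admin-pass', $key) !== seal('admin-pass', $key), true), "\n";
```

The length check in seal() mirrors the proposal in the thread to refuse cookie mode when no secret key has been configured.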

