Similar to a list of allowed databases, an optional list of allowed users would help access control.
This way, application users with unrestricted database access can be prevented from phpPgAdmin logins.
I modified my own server like this:
Add to config.inc.php:
$conf['allowed login'] = array('datauser');
Add to classes/Misc.php within the block for extra_login_security:
if (isset($conf['allowed login'])) { if (! in_array($username, $conf['allowed login'])) { unset($_SESSION['webdbLogin'][$_REQUEST['server']]); $msg = $lang['strlogindisallowed']; include('./login.php'); exit; } }
Log in to post a comment.
I modified my own server like this:
Add to config.inc.php:
$conf['allowed login'] = array('datauser');
Add to classes/Misc.php within the block for extra_login_security:
if (isset($conf['allowed login'])) {
if (! in_array($username, $conf['allowed login'])) {
unset($_SESSION['webdbLogin'][$_REQUEST['server']]);
$msg = $lang['strlogindisallowed'];
include('./login.php');
exit;
}
}