Menu
▾
▴
#2808 (ok 3.2) AllowNoPasswordRoot error message is too vague
When a user with a blank password for 'root' tries to log in (presuming AllowNoPasswordRoot=false), the error message is "Access denied" -- this is too vague and we should give them at least a hint as to what is wrong and ideally a tip on how to set the password.
I'd gladly submit the patch myself but can't find the logic for dealing with this -- the error message appears to be strAccessDenied but the only references I find to that string in the codebase relate to the Allow/Deny ruleset. So hints are welcome.
Thanks
Discussion
Yes, the same message is used. The code is in libaries/common.inc.php and it calls PMA_auth_fails from active auth method, which displays error message based on some global variables.
On the other side - it was quite intentional to use same error message. Do you think it is good idea to make publicly available information that you have root user without password?
Michal,
if a user tries root without a password and we reply that root without a password is not allowed for this PMA installation, we are not revealing anything about user root.
Fixed in subversion, thanks for reporting.
Fixed (at least for cookie auth).