Is it just me or does it seem like storing the user name and
passwords in cookies as clear text is a serious security hole.
Particularly since they're named so obviously as
'pma_cookie_password' and 'pma_cookie_username'???
Seems like a simple fix to store the cookie authentication as a
hash instead.
Logged In: NO
Above refers the login process for using phpMyAdmin...
Logged In: YES
user_id=473563
We somewhen had the discussion about storing this data
encrypted, but robbat2 reported some problems with id.
Sadly, I can't remember the thread/tracker item about this.
Logged In: YES
user_id=210714
Garvin,
don't be sad (It's now in the features requests):
https://sourceforge.net/tracker/index.php?func=detail&aid=564793&group_id=23067&atid=377411
Logged In: YES
user_id=210714
Also, I remind you that the password AFAIK is not stored in
permanent cookies. The security problem is the password
going in clear over the wire, and the usual solution is
using https.
Logged In: YES
user_id=210714
So can we close this bug report?