phpMyAdmin 2.8.0.4 Released [May 12th, 2006]

[Vin DSL]

Looks like they finally got it right!

http://www.phpmyadmin.net/home_page/...php?relnotes=1

Come on in, the water's fine!

[Vin DSL]

I've been playing around with this new version all night, and fixed a couple of things that were bugging me...

Both of them were related to using 'cookie auth', which is best IMHO:

• The 'cookie auth' login screen was all jacked up. I submitted the fix to 'nijel' over at SourceForge:
  
  http://sourceforge.net/tracker/?grou...& aid=1445541
  
  
• The other thing is an intentional 'bug'. I never noticed it before, but apparently some ppl run phpMyAdmin on internal networks where root doesn't have a password. In order for this to work, PMA allows empty passwords in the cookie login forms. While this is okay on a LAN, it's a little disconcerting online!
  
  The effect is, when you use a bogus username and empty password, it allows you to login via 'cookie auth' to PMA. Of course, you cannot connect to the dbs because you aren't authed, however, it does allow you to look around at the server runtime and so forth.
  
  So, I figured out a workaround for this issue. If anyone is interested, let me know and I'll post the fix here.

Example of a typical 'cookie auth' install:

http://rabus.phpmyadmin.net/demos/RELEASE_FINAL/

My patched 'cookie auth' install:

http://www.lenon.com/phpMyAdmin/

[Vin DSL]

Both of them were related to using 'cookie auth', which is best IMHO...

Heh! Typing to myself again...

Source: http://blog.cihar.com/archives/2006/...o_cookie_auth/

As most users are anyway using cookie based authentication, I decided to make it available on demo server...

[Vin DSL]

Byproduct of conversing with 'nijel'...

Check it out: http://pma.cihar.com/HEAD/

Username: root
Password: 'none'