This mode stores the username typed in the login screen into a permanent cookie
in our browser. The password is stored as a temporary cookie. In a multi-server
configuration, the username/password pair corresponding to each server is stored
separately. To protect the username and password against attack methods that
target cookie content, both are encrypted using the Blowfish cipher. So, to use
this mode, we have to define (once) in config.inc.php a secret password that
will be used to securely encrypt all passwords stored as cookies from this
phpMyAdmin installation.
This is done by putting a secret password here:
$cfg['blowfish_secret'] = 'SantaLivesInCanada';
Then, for each server-specific section, use the following:
$cfg['Servers'][$i]['auth_type'] = 'cookie';
The next time we start phpMyAdmin, we will see the login panel.
By default, phpMyAdmin displays (in the login panel) the last username for which
a successful login was achieved for this particular server, as retrieved from the
permanent cookie. If this behavior is not acceptable (if we would prefer that someone
else who logs in from the same workstation should not see the previous username),
we can set the following parameter to FALSE:
$cfg['LoginCookieRecall'] = FALSE;
A security feature was added in phpMyAdmin 2.6.0: a time limit for the validity
of the entered password. This feature helps to protect the working session. After a
successful login, our password is stored in a cookie, along with a timer. Every action
in phpMyAdmin resets the timer. If we stay inactive for the number of seconds
defined in $cfg['LoginCookieValidity'], we are disconnected and have to log in
again. The default is 1800 seconds.
The Blowfish algorithm used to protect the username and password requires many
computations. To achieve the best possible speed, PHP's mcrypt extension and its
accompanying library must be installed on our web server. Otherwise, phpMyAdmin
relies on an internally coded algorithm, which works but causes delays of several
seconds on almost every operation done from phpMyAdmin! This is because the
username and password information must be decoded on every mouse click to be
able to connect to MySQL.
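The settings described above, combined into one config.inc.php fragment for a two-server installation. This is an added example, not code from the book or from the phpMyAdmin project; the host names, the secret and the 900-second timeout are placeholder values, and the mcrypt check at the end is an assumption about how we might want to be told that the slow fallback is in use.

```php
<?php
// config.inc.php fragment: added example, not the book's or the project's code.
// Host names, the secret and the timeout value are placeholders.

// One secret for the whole installation. It keys the Blowfish encryption
// of every username/password cookie, so it is defined once, not per server.
$cfg['blowfish_secret'] = 'REPLACE-WITH-YOUR-OWN-SECRET';

// Do not show the last successful username in the login panel
// (useful on a workstation shared by several people).
$cfg['LoginCookieRecall'] = FALSE;

// Seconds of inactivity before we are disconnected and must log in again.
// The default is 1800; 900 is only an example of a shorter limit.
$cfg['LoginCookieValidity'] = 900;

// Multi-server configuration: every server-specific section uses cookie
// authentication, and each server's credentials are stored separately.
$i = 0;
foreach (array('db1.example.com', 'db2.example.com') as $host) {
    $i++;
    $cfg['Servers'][$i]['host']      = $host;
    $cfg['Servers'][$i]['auth_type'] = 'cookie';
}

// Without mcrypt, phpMyAdmin falls back to its internally coded Blowfish
// and nearly every operation becomes seconds slower. Record that in the
// web server's error log; error_log() sends nothing to the browser, so
// the cookies can still be set.
if (!extension_loaded('mcrypt')) {
    error_log('phpMyAdmin: mcrypt extension not loaded; '
        . 'cookie decryption will use the slow internal Blowfish code');
}
```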
 