diff --git a/Documentation.html b/Documentation.html
index 3eb262da9..bc24da57f 100755
--- a/Documentation.html
+++ b/Documentation.html
@@ -149,7 +149,7 @@
phpMyAdmin can manager a whole MySQL-server (needs a super-user)
but also a single database. To accomplish the latter you'll need
a properly set up MySQL-user who can read/write only the desired
- database. It's up to you to look up the appropiate part in the
+ database. It's up to you to look up the appropriate part in the
MySQL manual. Currently phpMyAdmin can:
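Review bot: The first context line of this hunk still reads "phpMyAdmin can manager a whole MySQL-server". Since this is a spelling fix in the same paragraph, change "manager" to "manage" in the same pass.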
@@ -220,8 +220,8 @@
explanation of all values.
It is recommended that you protect the directory in which
you installed phpMyAdmin (unless it's on a closed intranet, or you
- wish to use http authentication), for example with HTTP-AUTH (in a
- .htaccess file). See the
+ wish to use http or cookie authentication), for example with
+ HTTP-AUTH (in a .htaccess file). See the
FAQ section for additional
information.
Open the file
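Review bot: The parenthetical on the added lines now exempts cookie authentication from protecting the install directory, but elsewhere in this patch the http and cookie modes still keep the "standard user" password in the configuration file. Suggest stating that the configuration file needs protecting in every mode, or pointing to the ISP FAQ entry that this patch mentions for that purpose. The sentence also mixes "http" and "HTTP-AUTH" casing; pick one.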
@@ -239,10 +239,21 @@
values in the new one.
-Using http authentication mode:
-
--
- phpMyAdmin needs a stduser that has only the SELECT
+
Using authentication modes:
+
+- Http and cookie authentication modes are recommended in a multi-user
+ environment where you want to give users access to their own database
+ and don't want them to play around with others.
+
+- Http and cookie authentication modes are secure: the MySQL password does
+ not need to be set in the phpMyAdmin configuration file. (except for the
+ "standard user" -see the Configuration section-).
+ In cookie mode, we send the password in a temporary cookie, so most
+ browsers should not store the password in their cookie file.
+
+
+- For 'http' and 'cookie' modes, phpMyAdmin needs a stduser that
+ has only the SELECT
privilege on the mysql.user (all columns except
"Password"), mysql.db (all columns) &
mysql.tables_priv (all columns except "Grantor" &
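Review bot: "Http and cookie authentication modes are secure" claims more than the bullet supports: the reason given covers only where the password is stored (not in the configuration file), and the next sentence says the password is sent in a cookie. Suggest narrowing the wording to the storage claim, for example "do not require the MySQL password to be set in the configuration file", and saying what the reader should rely on to protect the password in transit. The full stop before "(except for the" also splits the sentence; move it after the closing parenthesis.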
@@ -284,27 +295,38 @@
GRANT ALL PRIVILEGES ON user_base.* TO 'real_user'@localhost IDENTIFIED BY 'real_password';
What the user may now do is controlled entirely by the MySQL user management
- system.
+ system.
+ With http or cookie auth mode, you don't need to fill the user/password
+ fields inside the $cfgServers array.
-
-
-Using cookie authentication mode:
-
- - If you want to use this method as a replacement for the http
- authentication (for example, if you're running IIS), you'll have to
- setup a "standard user" and do the same work in both
- cases.
- - Else you don't need to fill any of the user/password fields inside the
- $cfgServers array with this method.
-Using standard authentication mode:
+'http' authentication mode:
+
+ - Was called 'advanced' in versions before 2.2.3.
+ - Introduced in 1.3.0, it uses Basic HTTP authentication method and
+ allows you to login as any valid MySQL user.
+ - Is only supported with PHP running as an Apache module, not with cgi.
+
+'cookie' authentication mode:
+
+ - You can use this method as a replacement for the http
+ authentication (for example, if you're running IIS).
+
+ - Obviously, the user must enable cookies in the browser.
+ - With this mode, the use can truly logout of phpMyAdmin and login back
+ with the same username.
+
+
+'config' authentication mode:
- This mode is the less secure one because it requires you to fill the
$cfgServers[n]['user'] and $cfgServers[n]['password']
fields.
But usually you don't need to setup a "standard user" here:
- using the $cfgServers[n]['only_db'] might be enough.
+ using the $cfgServers[n]['only_db'] might be enough.
+ In the ISP FAQ section, there is an entry explaining how to
+ protect your configuration file.
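Review bot: Typo in the 'cookie' list: "the use can truly logout of phpMyAdmin and login back" should read "the user can truly log out of phpMyAdmin and log back in". In the 'config' item, "This mode is the less secure one" compares three modes now that the heading lists 'http', 'cookie' and 'config', so "the least secure one" is the correct form; it is a context line, but worth fixing while the section is being reorganised.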
@@ -391,7 +413,7 @@
$cfgServers[n]['stdpass'] string
- When using http or cookie authentication modes (or standard
+ When using http or cookie authentication modes (or 'config'
authentication mode since phpMyAdmin 2.2.1), you need to supply the
details of a MySQL account that has SELECT privilege on the
mysql.user (all columns except "Password"),
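Review bot: After the rename, this entry says that in 'config' mode "you need to supply the details of a MySQL account", while the install section in this same patch says of 'config' mode "usually you don't need to setup a "standard user" here". Suggest wording the 'config' case as optional in this entry, or cross-referencing the only_db note, so the two sections agree.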
@@ -409,48 +431,33 @@
- $cfgServers[n]['auth_type'] string ['http'|'cookie'|'basic']
+ $cfgServers[n]['auth_type'] string ['http'|'cookie'|'config']
- Whether basic or cookie or http authentication should be used for this
+ Whether config or cookie or http authentication should be used for this
server.
-
- Basic authentication ($auth_type = 'basic')
+ 'config' authentication ($auth_type = 'config')
is the plain old way: username and password are stored in
config.inc.php3.
-
- Cookie authentication mode
+ 'cookie' authentication mode
($auth_type = 'cookie') as introduced in
2.2.3 allows you to log in as any valid MySQL user with the
help of... cookies. Log name and password are stored in
- cookies during the session and password are deleted when it
+ cookies during the session and password is deleted when it
ends.
-
- Advanced or http authentication
+ 'http' authentication (was called 'advanced' in older versions)
($auth_type = 'http') as introduced in 1.3.0
allows you to log in as any valid MySQL user via HTTP-Auth.
- Please note that this last authentication mode is
- only supported with PHP running as an
- Apache module, and not with cgi.
- Http or cookie authentication modes are recommended in a multi-user
- environment where you want to give users access to their own database
- and don't want them to play around with others.
-
-
- http or cookie authentication modes are secure: the MySQL passwords does
- not need to be set in the phpMyAdmin configuration file. (except for the
- "standard user" -see above-).
- In cookie mode, we send the password in a temporary cookie, so most
- browsers should not store the password in their cookie file.
-
-
- Please see the install section on "Using http authentication"
+ Please see the install section on "Using authentication modes"
for more information.
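Review bot: The 'config' entry drops the old value 'basic' without a pointer, whereas the 'http' entry keeps "(was called 'advanced' in older versions)". Add the same kind of note for 'config' (was called 'basic') so readers whose existing configuration sets auth_type to 'basic' can find the new value, and state whether the old value is still accepted. The entries also write "$auth_type = 'config'" while the option is documented as $cfgServers[n]['auth_type']; use one form throughout.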