From 464b6c146af50375b2046be4913dd0da6b00c7cc Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Thu, 13 Dec 2001 03:18:28 +0000 Subject: [PATCH] clarifications about auth modes --- Documentation.html | 93 +++++++++++++++++++++++++--------------------- 1 file changed, 50 insertions(+), 43 deletions(-) diff --git a/Documentation.html b/Documentation.html index 3eb262da9..bc24da57f 100755 --- a/Documentation.html +++ b/Documentation.html @@ -149,7 +149,7 @@ phpMyAdmin can manager a whole MySQL-server (needs a super-user) but also a single database. To accomplish the latter you'll need a properly set up MySQL-user who can read/write only the desired - database. It's up to you to look up the appropiate part in the + database. It's up to you to look up the appropriate part in the MySQL manual. Currently phpMyAdmin can:
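
Review bot: The unchanged context at the top of this hunk still reads "phpMyAdmin can manager a whole MySQL-server". Since the hunk is already correcting spelling in the same paragraph ("appropiate" to "appropriate"), change "can manager" to "can manage" in the same commit.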

@@ -220,8 +220,8 @@ explanation of all values.
  • It is recommended that you protect the directory in which you installed phpMyAdmin (unless it's on a closed intranet, or you - wish to use http authentication), for example with HTTP-AUTH (in a - .htaccess file). See the + wish to use http or cookie authentication), for example with + HTTP-AUTH (in a .htaccess file). See the FAQ section for additional information.
  • Open the file @@ -239,10 +239,21 @@ values in the new one.
  • -

    Using http authentication mode:

    -
      -
    1. - phpMyAdmin needs a stduser that has only the SELECT +

      Using authentication modes:

      +
        +
      • Http and cookie authentication modes are recommended in a multi-user + environment where you want to give users access to their own database + and don't want them to play around with others.

      • + +
      • Http and cookie authentication modes are secure: the MySQL password does + not need to be set in the phpMyAdmin configuration file. (except for the + "standard user" -see the Configuration section-).
        + In cookie mode, we send the password in a temporary cookie, so most + browsers should not store the password in their cookie file. +

      • + +
      • For 'http' and 'cookie' modes, phpMyAdmin needs a stduser that + has only the SELECT privilege on the mysql.user (all columns except "Password"), mysql.db (all columns) & mysql.tables_priv (all columns except "Grantor" & @@ -284,27 +295,38 @@    GRANT ALL PRIVILEGES ON user_base.* TO 'real_user'@localhost IDENTIFIED BY 'real_password';
        What the user may now do is controlled entirely by the MySQL user management - system. + system.
        + With http or cookie auth mode, you don't need to fill the user/password + fields inside the $cfgServers array.
      • -
    - -

    Using cookie authentication mode:

    - -

    Using standard authentication mode:

    +

    'http' authentication mode:

    + +

    'cookie' authentication mode:

    + + +

    'config' authentication mode:
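
Review bot: The added sentence "you don't need to fill the user/password fields inside the $cfgServers array" can be read as covering every credential in that array, but the list item added earlier in this patch says 'http' and 'cookie' modes still need a stduser. Suggest stating in the same sentence that stduser and stdpass must still be set, and naming the exact keys that may be left empty.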

    @@ -391,7 +413,7 @@ $cfgServers[n]['stdpass'] string
    - When using http or cookie authentication modes (or standard + When using http or cookie authentication modes (or 'config' authentication mode since phpMyAdmin 2.2.1), you need to supply the details of a MySQL account that has SELECT privilege on the mysql.user (all columns except "Password"), @@ -409,48 +431,33 @@

    -
    $cfgServers[n]['auth_type'] string ['http'|'cookie'|'basic']
    +
    $cfgServers[n]['auth_type'] string ['http'|'cookie'|'config']
    - Whether basic or cookie or http authentication should be used for this + Whether config or cookie or http authentication should be used for this server.
    • - Basic authentication ($auth_type = 'basic') + 'config' authentication ($auth_type = 'config') is the plain old way: username and password are stored in config.inc.php3.
    • - Cookie authentication mode + 'cookie' authentication mode ($auth_type = 'cookie') as introduced in 2.2.3 allows you to log in as any valid MySQL user with the help of... cookies. Log name and password are stored in - cookies during the session and password are deleted when it + cookies during the session and password is deleted when it ends.
    • - Advanced or http authentication + 'http' authentication (was called 'advanced' in older versions) ($auth_type = 'http') as introduced in 1.3.0 allows you to log in as any valid MySQL user via HTTP-Auth.
      - Please note that this last authentication mode is - only supported with PHP running as an - Apache module, and not with cgi.

    - Http or cookie authentication modes are recommended in a multi-user - environment where you want to give users access to their own database - and don't want them to play around with others. -

    - - http or cookie authentication modes are secure: the MySQL passwords does - not need to be set in the phpMyAdmin configuration file. (except for the - "standard user" -see above-).
    - In cookie mode, we send the password in a temporary cookie, so most - browsers should not store the password in their cookie file. -

    - - Please see the install section on "Using http authentication" + Please see the install section on "Using authentication modes" for more information.
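
Review bot: In the list item added under "Using authentication modes" (hunk -239,10 +239,21), "Http and cookie authentication modes are secure" claims more than the text supports. The explanation that follows only shows that the MySQL password stays out of the phpMyAdmin configuration file, and the next sentence says cookie mode sends the password in a temporary cookie. Suggest rewording to name what is protected (no user password stored in the config file) and adding that the login should be served over HTTPS, because in both modes the password travels from the browser to the server.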
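
Review bot: In the last hunk (-409,48 +431,33), the auth_type value list changes 'basic' to 'config' with no remark about the old name, while the 'http' item in the same list gains "(was called 'advanced' in older versions)". Suggest adding the same kind of remark to the 'config' item and saying whether 'basic' is still accepted, so readers with an existing config.inc.php3 know what to change. The hunk also removes the note that http mode is only supported with PHP running as an Apache module and not with cgi; if that restriction still holds, keep it under the new 'http' authentication mode heading.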