diff --git a/ChangeLog b/ChangeLog index b76c5baed..e15626b81 100755 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,11 @@ $Source$ 2003-07-01 Marc Delisle * Documentation.html: faq 8.1 about security alert of 2003-06-18 * tbl_properties_links.php3: fix missing SQL section for exports + * libraries/auth/cookie.auth.lib.php3, libraries/blowfish.php3, + libraries/common.lib.php3, libraries/config_import.lib.php3, + config.inc.php3, user_password.php3, Documentation.html, lang/*: + now used the blowfish algorithm to encrypt the password in the + temporary cookie 2003-06-30 Marc Delisle * lang/french: update diff --git a/Documentation.html b/Documentation.html index bec1850e7..8d1336b29 100755 --- a/Documentation.html +++ b/Documentation.html @@ -517,6 +517,14 @@ $cfg['PmaAbsoluteUri'] = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://'

+
+ $cfg['Servers'][$i]['blowfish_secret'] string
+
+
+ If your are using "cookie" auth_type, enter here + a secret passphrase which will be used by the blowfish encryption + mecanism to protect the password stored in the temporary cookie. +
$cfg['Servers'][$i]['user'] string
$cfg['Servers'][$i]['password'] string @@ -3326,7 +3334,7 @@ To create a new, empty mimetype please see libraries/transformations/template_ge [8.1] Security alert, dated 2003-06-18.

- Last update of this FAQ: 2003-07-01. + Last update of this FAQ: 2003-07-02.

The phpMyAdmin's development team received notice of this security alert. @@ -3369,7 +3377,8 @@ To create a new, empty mimetype please see libraries/transformations/template_ge

  • "Information encoding weakness"

    We believe that an exploit for this weakness would be difficult - to achieve. However we are currently working to remove this weakness. + to achieve. However version 2.5.2-dev now encrypts the password + with the well-known blowfish algorithm.