nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

blowfish encryption

Browse Source
This commit is contained in:
Marc Delisle
2003-07-01 21:33:42 +00:00
parent 384e5acf7c
commit 5ebc9a1caf
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@@ -8,6 +8,11 @@ $Source$
2003-07-01 Marc Delisle <lem9@users.sourceforge.net>
* Documentation.html: faq 8.1 about security alert of 2003-06-18
* tbl_properties_links.php3: fix missing SQL section for exports
* libraries/auth/cookie.auth.lib.php3, libraries/blowfish.php3,
libraries/common.lib.php3, libraries/config_import.lib.php3,
config.inc.php3, user_password.php3, Documentation.html, lang/*:
now used the blowfish algorithm to encrypt the password in the
temporary cookie
2003-06-30 Marc Delisle <lem9@users.sourceforge.net>
* lang/french: update

13
Documentation.html
View File

@@ -517,6 +517,14 @@ $cfg['PmaAbsoluteUri'] = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://'
<br /><br />
</dd>
<dt>
<b>$cfg['Servers'][$i]['blowfish_secret']</b> string<br />
</dt>
<dd>
If your are using &quot;cookie&quot; auth_type, enter here
a secret passphrase which will be used by the blowfish encryption
mecanism to protect the password stored in the temporary cookie.
</dd>
<dt>
<b>$cfg['Servers'][$i]['user']</b> string<br />
<b>$cfg['Servers'][$i]['password']</b> string
@@ -3326,7 +3334,7 @@ To create a new, empty mimetype please see libraries/transformations/template_ge
[8.1] Security alert, dated 2003-06-18.
</h4>
<p>
Last update of this FAQ: 2003-07-01.
Last update of this FAQ: 2003-07-02.
<br /><br />
The phpMyAdmin's development team received notice of this
<a href="http://www.securityfocus.com/archive/1/325641" target="_blank">security alert.</a>
@@ -3369,7 +3377,8 @@ To create a new, empty mimetype please see libraries/transformations/template_ge
<li>&quot;Information encoding weakness&quot;
<br /><br />
We believe that an exploit for this weakness would be difficult
to achieve. However we are currently working to remove this weakness.
to achieve. However version 2.5.2-dev now encrypts the password
with the well-known blowfish algorithm.
<br /><br />
</li>
</ul>