htaccess file (see the
Security section in this chapter), this will interfere with HTTP authentication
type; we cannot use both.
There is not a true logout; we will have to close all browser windows to be able to
login again with the same username. Even considering those limitations, this mode
may be a valuable choice for the following reasons:
Some browsers (like Mozilla) can store the authentication information in
an encrypted form.
It is a bit faster than cookie processing.
???
???
??? ???
Chapter 2
[ 35 ]
Cookie Authentication
The cookie authentication mode is superior to http in terms of the functionalities
offered. It offers true login and logout, and can be used with PHP running on any
kind of web server. It presents a login panel (see the following figure) from within
phpMyAdmin. This can be customized because we have the application source code.
However, as you may have guessed, for cookie authentication, the browser must
accept cookies coming from the web server??”but this is true for all authentication
modes starting with phpMyAdmin 2.8.0:
This mode stores the username typed in the login screen into a permanent cookie
in our browser. The password is stored as a temporary cookie. In a multi-server
configuration, the username/password pair corresponding to each server is stored
separately. To protect the username/password secrecy against some attack methods
that target cookie content, they are encrypted using the Blowfish mechanism.
Pages:
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60