Threaded Mode | Linear Mode

**BeNe** · 05-30-2007 07:11 PM

Hello,

i checked my config.inc.php in my PMA directory.
There is per default the blowfish_secret set:

Code:

/* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

$cfg['blowfish_secret']                 = 'VhCsOm3g4kl631po0em3x33g1b.nehir3';

I check the file in the trunk, and this "blowfish_secret" string is in every ispCP installation on every Server the same?

I read about it in the PMA Docu

Code:

$cfg['blowfish_secret'] string

The "cookie" auth_type uses blowfish algorithm to encrypt the password.

If you are using the "cookie" auth_type, enter here a random passphrase of your choice. It will be used internally by the blowfish algorithm: you won’t be prompted for this passphrase. The maximum number of characters for this parameter seems to be 46.

ispCP is using the "cookie" auth_type.
So i dont know if this is a Security vulnerability or not ?
I use PMA of course, but i don´t no much about this function...

Greez BeNe

The secons thing is, i can see here "vhcs" in the key --> "VhCsOm3g4kl631po0em3x33g1b.nehir3" Wink

Threaded Mode \| Linear Mode PMA Security vulnerability ?
Author	Message