[FQuest Announce] General security announcement phpMyAdmin


Arthur
07-30-2003, 10:04 AM
phpMyAdmin 2.5.2-pl1

Version 2.5.2-pl1 of phpMyAdmin (http://www.phpmyadmin.net), a third-party database administration tool used by many of the FutureQuest Site Owners, has been released today. This new version repairs problems that include a bug that can be used to display a listing of the phpMyAdmin directory, and path disclosure and XSS* problems. In addition, the password is now encrypted using the blowfish algorithm.
Users are encouraged to upgrade to this new version.

The new version can be downloaded from http://sourceforge.net/project/showfiles.php?group_id=23067, or http://www.phpmyadmin.net.

Informational links:
http://www.phpmyadmin.net/documentation/#faqsecurity
http://www.securityfocus.com/archive/1/325641

* Cross Site Scripting
--
Arthur

JoeLeBlanc
07-30-2003, 01:51 PM
Thanks for the announcement, Arthur.

hobbes
07-30-2003, 07:00 PM
Note that over time, pMA has grown considerably. A good chunk of this is the multilingual support that has been added. You should be able to save at least 3.5MB by removing the pMA/lang/ files you don't use (your FQ account will thank you); just be sure to keep the *.sh files and the language files that you use.

JoeLeBlanc
07-31-2003, 01:23 PM
Hello,

I think I found another way to make phpMyAdmin more secure if you use the port forwarding feature in ssh. Add the following that's in quotes to the top of the file config.inc.php or config.inc.php3, whichever version you picked.

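// Host name the request was addressed to
$host = $_SERVER["SERVER_NAME"];

// Refuse any request that was not addressed to 127.0.0.1
if ($host != "127.0.0.1") {
    echo "Access Denied";
    exit(0);
}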

(I only tested my hack myself and it seems to work. If you have problems, let me know.)
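
An added example, not part of any post above and not phpMyAdmin code: PHP's documentation notes that SERVER_NAME can reflect the host name supplied by the client unless the web server pins a canonical name, while REMOTE_ADDR is the address the connection came from. The sketch compares the posted check with a REMOTE_ADDR check over constructed request values. The function names and the sample addresses are assumptions, as is the tunnel being forwarded to 127.0.0.1 on the server.

```php
<?php
// Added example, not code from the thread. Request values are constructed.

// The check as posted: compares the host name the request was addressed to.
function allowed_by_server_name(array $server): bool
{
    return ($server['SERVER_NAME'] ?? '') === '127.0.0.1';
}

// Assumed alternative: compares the peer address of the TCP connection.
function allowed_by_remote_addr(array $server): bool
{
    return in_array($server['REMOTE_ADDR'] ?? '', ['127.0.0.1', '::1'], true);
}

// Constructed $_SERVER samples (203.0.113.7 is a documentation address).
$samples = [
    'tunnel, browsed as 127.0.0.1' => ['SERVER_NAME' => '127.0.0.1', 'REMOTE_ADDR' => '127.0.0.1'],
    'tunnel, browsed as localhost' => ['SERVER_NAME' => 'localhost', 'REMOTE_ADDR' => '127.0.0.1'],
    'direct, Host names 127.0.0.1' => ['SERVER_NAME' => '127.0.0.1', 'REMOTE_ADDR' => '203.0.113.7'],
    'direct, normal site name'     => ['SERVER_NAME' => 'www.example.com', 'REMOTE_ADDR' => '203.0.113.7'],
];

printf("%-30s %-12s %s\n", 'request', 'SERVER_NAME', 'REMOTE_ADDR');
foreach ($samples as $label => $server) {
    printf(
        "%-30s %-12s %s\n",
        $label,
        allowed_by_server_name($server) ? 'allow' : 'deny',
        allowed_by_remote_addr($server) ? 'allow' : 'deny'
    );
}
```

The two checks disagree on the second and third rows: the name check turns away a tunnel user who browses to localhost, and it passes a directly connected request whenever SERVER_NAME is taken from a Host value of 127.0.0.1.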