Re: Compare phpMyAdmin with Adminer

by Jakub Vrána

>> Current solution does not prevent the same-domain ClickJacking because
>> if you access for example http://localhost/phpMyAdmin/?db=cds (without
>> token) then phpMyAdmin still happily works.

> Yes it does work intentionally. But that still pretty much lowers
> risk.

I really don't see how this lowers the risk. phpMyAdmin is vulnerable
to same-domain ClickJacking, that's my point.

Jakub Vrána


_______________________________________________
Phpmyadmin-users mailing list
Phpmyadmin-users@...
https://lists.sourceforge.net/lists/listinfo/phpmyadmin-users
