This bug was fixed in the package phpmyadmin - 4:3.2.0.1-1
---
phpmyadmin (4:3.2.0.1-1) unstable; urgency=high
* New upstream version fixing XSS (PMASA-2009-5).
* Document no empty password in README.Debian and the shipped sample
configuration file (LP: #388703).
* Install s
Yes, we (as phpMyAdmin developers) originally argumented also this way.
However there is problem that MySQL allows local connections without
passwords, while phpMyAdmin allows to make them remotely. That's reason
why empty passwords are disabled by default (by upstream).
--
Impossible to log in w
I did figure this out after I submitted the bug. I believe that it is
still a valid bug, however. Since Ubuntu ships a default MySQL
configuration with a blank root password, the default phpMyAdmin
configuration should be modified to allow it to work out of the box on
Ubuntu, even if this isn't t
This is intentional change. You need to enable empty password logins
explicitly by AllowNoPassword directive, see phpMyAdmin documentation
for details.
I added documentation about this to README.Debian.
** Changed in: phpmyadmin (Ubuntu)
Status: New => Fix Committed
** Changed in: phpmyad
