diff options
| author | Marc Delisle <marc@infomarc.info> | 2008-07-24 21:12:32 +0400 |
|---|---|---|
| committer | Marc Delisle <marc@infomarc.info> | 2008-07-24 21:12:32 +0400 |
| commit | 152a7342fd75ea9aa537b0e65c59c7d0857bf911 (patch) | |
| tree | deb6f202ac4e9c2c899c75fe580b2b0d40aba4ed /Documentation.html | |
| parent | 37b3fbb8e32c819dcc9071a9931ce09f36dafb10 (diff) | |
protection against cross-frame scripting
Diffstat (limited to 'Documentation.html')
| -rw-r--r-- | Documentation.html | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Documentation.html b/Documentation.html index 0dd544407f..1c18ff8a4e 100644 --- a/Documentation.html +++ b/Documentation.html @@ -577,6 +577,11 @@ GRANT ALL PRIVILEGES ON user_base.* TO 'real_user'@localhost IDENTIFIED BY 'real You can set this parameter to <tt>TRUE</tt> to stop this message from appearing.</dd> + <dt id="cfg_AllowThirdPartyFraming">$cfg['AllowThirdPartyFraming'] boolean</dt> + <dd>Setting this to <tt>true</tt> allows a page located on a different + domain to call phpMyAdmin inside a frame, and is a potential security + hole allowing cross-frame scripting attacks.</dd> + <dt id="cfg_blowfish_secret">$cfg['blowfish_secret'] string</dt> <dd>The "cookie" auth_type uses blowfish algorithm to encrypt the password.<br /> |