What minimum permissions can I give the mysql user for xenforo

Shamufish

Member
Hi, so in my 14+ years of web development (sheesh I'm old hat now), if there's one thing I learned, it's that SQL injection attacks are a ***** :-D

In order to minimize issues I tend to like to give my webapps mysql accounts only the minimum access as necessary, for example, read and update only, so that things like drop can't at least be injected (just in case).

I was wondering if there's a list somewhere of what's the minimum xenforo can get away with, and if maybe in the future we'll see an installer script with alter privileges but an actual app limited to select, update etc.
 

borbole

Well-known member
It would be best to give it full permission as limited access of the user to the db might result in connection errors.
 

Shamufish

Member
OK cool, so the answer is, create a schema for xenforo and a matching user with all rights given except GRANT.
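
The setup the thread settles on (a dedicated schema plus a matching user with every right except GRANT), written out as an added example that is not part of any post above. The schema name, account names, host and password are placeholders; the second, tighter split at the end is the installer/runtime idea from the first post, and nothing in the thread establishes that XenForo runs under it.

```sql
-- Added example: names, host and password below are placeholders.

-- 1. Dedicated schema for the forum.
CREATE DATABASE xenforo CHARACTER SET utf8mb4;

-- 2. Dedicated account, restricted to local connections.
CREATE USER 'xenforo_app'@'localhost' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_SECRET';

-- 3. All schema-level rights on this one schema only.
--    ALL PRIVILEGES does not include GRANT OPTION unless
--    "WITH GRANT OPTION" is appended, so it is simply left off.
--    Because the grant is scoped to xenforo.*, global-only privileges
--    such as FILE, PROCESS and SUPER are not conferred, and other
--    schemas on the server stay out of reach of an injected query.
GRANT ALL PRIVILEGES ON xenforo.* TO 'xenforo_app'@'localhost';

-- 4. Check the result: look for any privilege on *.* beyond USAGE
--    and for any WITH GRANT OPTION clause.
SHOW GRANTS FOR 'xenforo_app'@'localhost';

-- Optional tighter split (assumption, untested against XenForo):
-- a runtime account limited to row-level operations, and a separate
-- account with DDL rights used only for installs and upgrades.
CREATE USER 'xenforo_run'@'localhost' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_SECRET';
GRANT SELECT, INSERT, UPDATE, DELETE ON xenforo.* TO 'xenforo_run'@'localhost';

CREATE USER 'xenforo_admin'@'localhost' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_SECRET';
GRANT ALL PRIVILEGES ON xenforo.* TO 'xenforo_admin'@'localhost';

-- With the runtime account, an injected DROP TABLE or ALTER TABLE
-- fails with a permission error instead of executing.
```

If the application throws permission errors under the runtime-only account, the missing privilege named in the MySQL error message shows what to add, rather than falling back to a global grant.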
 