• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

What minimum permissons can I give the mysql user for xenforo

#1
Hi, so in my 14+ years of webdevelopment (sheesh I'm old hat now), if there's one thing I learned, is that sql injection attacks are a ***** :-D

In order to minimize issues I tend to like to give my webapps mysql accounts only the minimum access as necessary, for example, read and update only, so that things like drop can't at least be injected (just in case).

I was wondering if there's a list somewhere of what's the minimum xenforo can get away with, and if maybe in the future we'll see an installer script with alter privileges but an actual app limited to select, update etc.
 

borbole

Well-known member
#2
Hi, so in my 14+ years of webdevelopment (sheesh I'm old hat now), if there's one thing I learned, is that sql injection attacks are a ***** :-D

In order to minimize issues I tend to like to give my webapps mysql accounts only the minimum access as necessary, for example, read and update only, so that things like drop can't at least be injected (just in case).

I was wondering if there's a list somewhere of what's the minimum xenforo can get away with, and if maybe in the future we'll see an installer script with alter privileges but an actual app limited to select, update etc.
It would be best to give it full permission as limitted access of the user to the db might result in connection errors.