1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What minimum permissons can I give the mysql user for xenforo

Discussion in 'XenForo Questions and Support' started by Shamufish, Jun 21, 2011.

  1. Shamufish

    Shamufish Member

    Hi, so in my 14+ years of webdevelopment (sheesh I'm old hat now), if there's one thing I learned, is that sql injection attacks are a ***** :-D

    In order to minimize issues I tend to like to give my webapps mysql accounts only the minimum access as necessary, for example, read and update only, so that things like drop can't at least be injected (just in case).

    I was wondering if there's a list somewhere of what's the minimum xenforo can get away with, and if maybe in the future we'll see an installer script with alter privileges but an actual app limited to select, update etc.
  2. borbole

    borbole Well-Known Member

    It would be best to give it full permission as limitted access of the user to the db might result in connection errors.
  3. Luke F

    Luke F Well-Known Member

    You'll need drop for uninstalling addons
  4. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

  5. Shamufish

    Shamufish Member

    OK cool, so the answer is, create a schema for xenforo and a matching user with all rights given except GRANT.

Share This Page