Shamufish
Member
Hi, so in my 14+ years of webdevelopment (sheesh I'm old hat now), if there's one thing I learned, is that sql injection attacks are a ***** :-D
In order to minimize issues I tend to like to give my webapps mysql accounts only the minimum access as necessary, for example, read and update only, so that things like drop can't at least be injected (just in case).
I was wondering if there's a list somewhere of what's the minimum xenforo can get away with, and if maybe in the future we'll see an installer script with alter privileges but an actual app limited to select, update etc.
In order to minimize issues I tend to like to give my webapps mysql accounts only the minimum access as necessary, for example, read and update only, so that things like drop can't at least be injected (just in case).
I was wondering if there's a list somewhere of what's the minimum xenforo can get away with, and if maybe in the future we'll see an installer script with alter privileges but an actual app limited to select, update etc.