[BlueOnyx:16493] Re: 5208R - Adding mysql Database to a site
Michael Stauber
mstauber at blueonyx.it
Wed Nov 19 14:36:12 -05 2014
Hi Chris,
> We granted all privileges on the specific database to the user, and that
> cleared the problem for them.
>
> In the days when we set up MySQL databases for customers using
> phpMyAdmin, we would routinely "Check All" for the "Database-specific
> privileges". Yes, that gives the user full reign to screw things up,
> but only on their own DB, so unless I'm missing something, I don't see
> any reason not to do that.
Hmmm ... I see. Yeah, typically they wouldn't need all privileges. With
the privileges that the GUI usually grants they can access, create,
modify and destroy tables and data within. That's usually good enough.
But yeah: There might be usage cases where an app demands all
privileges. Even if that's unwise or not really all that clever to begin
with.
Sooo ... how do we want to handle this?
As is you have the option to simply go to "Server Management" / "Network
Services" / "MySQL-Settings" and tick all checkboxes. If you do, the
MySQL users will be created with all privileges. Which might give the
user full reign to screw things up.
Or do you think it's really necessary that I modify the defaults of that
module so that all privileges are already ticked by default?
I certainly can do that. But it might not be the best of ideas to let
everyone start with such a wide range of default capabilities.
After all: Allowing anyone to run stored procedures and/or creating
temporary tables can be abused pretty heavily to do stuff that you might
not appreciate for the sake of the health of the server.
I'm open to suggestions on this, as I'm not sure which direction we
should take this.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list