mrjasongorman

MySQL Permissions

5 posts in this topic

I'm just wondering exactly what MySQL permissions are required for ProcessWire? From a security point of view I would prefer to lock down the MySQL user that ProcessWire uses to the least amount of privileges needed.

I guess it's SELECT, INSERT, UPDATE, DELETE, but do any modules create additional indexes?

Any help on this would be great.

42 minutes ago, Francesco Bortolussi said:

From what I saw, ProcessWire needs to CREATE tables and indexes too.

True


Each new field must be able to create its own table and corresponding indexes. Few modules do create their own tables as well.


Looking at the requirements I think these privileges should be enough?

Data: SELECT, INSERT, UPDATE, DELETE

Definition: CREATE, ALTER, DROP

Extra: INDEX

Similar to this requirement from WordPress... http://wordpress.stackexchange.com/questions/6424/mysql-database-user-which-privileges-are-needed

Also points out a nice config conditional trick whereby a higher-privileged DB user is used in the admin area, and normal pages use lower privileges (possibly just SELECT).

Hope this helps keep ProcessWire setups even more secure.
