[Suggestion] Lock SQL Toolbox Option

[AndyF]

Here`s an idea :D

Add a line (probably init.php would be a good place) :unsure: , to disable access to the SQL Toolbox area completely. As if anyone gains root access, you can at least limit (a bit) what they can do.

Something like...

define ( 'SQL_TOOLBOX', 0 );

To turn it off (ideally by default it should be off, just imo)


Just a thought anyway ;)

[bfarber]

I just delete the file from action_admin when I don't want it accessible.

[Axel Wers]

to disable access to the SQL Toolbox area completely.

Not bad idea but I use it often. Rather protect it by password.

[AndyF]

I just delete the file from action_admin when I don't want it accessible.

Simple but effective, I overlooked the easy way :blush: :D

[AndyF]

Wrote a small article about this now anyway :)

[Dlf]

Or if you can edit the source files take the entire thing out of the ACP.

[Louis M.]

I just did what Brandon said. If I need to run queries I always do it from phpMyAdmin. Ever since I discovered FireFox a year ago (yeah I was stubborn) I believe firmly in many multiple tabs :D.

[rct2·com]

Personally I think that root admin should have access to everything in AdminCP, all the time.

If you own a board and are root admin, and are nervous about some of the features, you can always create yourself a second admin account, and use the AdminCP security features to switch off the parts of AdminCP that you don't want to use unless you really HAVE to, in which case you login as root instead.

Just my tuppence worth.....

[Jaggi]

just thinking how many people have actually had their forums hacked by the sql console? happened alot in the 1.3 versions but haven't seen or heard of it happening in a long time

[AndyF]

I just changed the case 'runsql': to give an error...