Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
Egorkin Posted April 16 Posted April 16 What minimum permissions does IPS recommend giving MySQL users for maximum safety?
Marc Posted April 16 Posted April 16 the mysql user requires full read and write to the database Egorkin 1
Egorkin Posted April 16 Author Posted April 16 (edited) SELECT INSERT UPDATE DELETE Is that all? Or does IPB need something else? P.S.: It would be good to note this in the IPB documentation. Edited April 16 by Egorkin
Nathan Explosion Posted April 16 Posted April 16 That's just the 'DATA' level. For structure, you'll need ALTER, CREATE, INDEX and DROP at least. Egorkin 1
Egorkin Posted April 16 Author Posted April 16 6 minutes ago, Nathan Explosion said: For structure, you'll need ALTER, CREATE, INDEX and DROP at least. It seems to me that this is for upgrades 🙂
Randy Calvert Posted April 16 Posted April 16 My suggestion would be to give it full permission. If IPB is kept in its own database with nothing else in it, there is no risk to it having full permission. It should not be interfering with other applications. Restricting permissions only can lead to problems later when it potentially can't do something it needs later and you think the software itself is broken when it's instead just a platform configuration on your side. A few months down the road, you're never going to remember this and it will be a big mess and waste of time figuring out how to fix the issue when it could be avoided in the first place. You're not really increasing the security of anything as long as you keep IPB in its own DB without other applications installed in it. Jim M 1
Nathan Explosion Posted April 16 Posted April 16 @Egorkin - I'd appreciate it if you unmarked my post as the solution, because it isn't. I stated "at least" which means that there may be others. My statement is not definitive, and I'd hate for someone to stumble across it and blame me at a later point for any issues they experience.
Egorkin Posted April 16 Author Posted April 16 7 minutes ago, Randy Calvert said: My suggestion would be to give it full permission. I have a separate user for the IPB database.
Randy Calvert Posted April 16 Posted April 16 28 minutes ago, Egorkin said: I have a separate user for the IPB database. In that case, if you have a dedicated IPB database and database user, just give it full permission and call it a day. It is no more/less secure and will avoid problems later down the road.
Egorkin Posted April 17 Author Posted April 17 Why does the user need, for example, administrative functions such as GRANT, SUPER, PROCESS, RELOAD, SHUTDOWN ... CREATE USER? 🤔
Marc Posted April 17 Posted April 17 55 minutes ago, Egorkin said: Why does the user need, for example, administrative functions such as GRANT, SUPER, PROCESS, RELOAD, SHUTDOWN ... CREATE USER? 🤔 As I mentioned above, you need FULL read and write access to the database. What you are mentioning there are MySQL server level permissions, not database permissions.
Recommended Posts