Egorkin Posted April 16 Share Posted April 16 What minimum permissions does IPS recommend giving MySQL users for maximum safety? Link to comment Share on other sites More sharing options...
Marc Stridgen Posted April 16 Share Posted April 16 the mysql user requires full read and write to the database Egorkin 1 Link to comment Share on other sites More sharing options...
Egorkin Posted April 16 Author Share Posted April 16 (edited) SELECT INSERT UPDATE DELETE Is that all? Or does IPB need something else? P.S.: It would be good to note this in the IPB documentation. Edited April 16 by Egorkin Link to comment Share on other sites More sharing options...
Nathan Explosion Posted April 16 Share Posted April 16 That's just the 'DATA' level. For structure, you'll need ALTER, CREATE, INDEX and DROP at least. Egorkin 1 Link to comment Share on other sites More sharing options...
Egorkin Posted April 16 Author Share Posted April 16 6 minutes ago, Nathan Explosion said: For structure, you'll need ALTER, CREATE, INDEX and DROP at least. It seems to me that this is for upgrades 🙂 Link to comment Share on other sites More sharing options...
Randy Calvert Posted April 16 Share Posted April 16 My suggestion would be to give it full permission. If IPB is kept in its own database with nothing else in it, there is no risk to it having full permission. It should not be interfering with other applications. Restricting permissions only can lead to problems later when it potentially can't do something it needs later and you think the software itself is broken when it's instead just a platform configuration on your side. A few months down the road, you're never going to remember this and it will be a big mess and waste of time figuring out how to fix the issue when it could be avoided in the first place. You're not really increasing the security of anything as long as you keep IPB in its own DB without other applications installed in it. Jim M 1 Link to comment Share on other sites More sharing options...
Nathan Explosion Posted April 16 Share Posted April 16 @Egorkin - I'd appreciate it if you unmarked my post as the solution, because it isn't. I stated "at least" which means that there may be others. My statement is not definitive, and I'd hate for someone to stumble across it and blame me at a later point for any issues they experience. Link to comment Share on other sites More sharing options...
Egorkin Posted April 16 Author Share Posted April 16 7 minutes ago, Randy Calvert said: My suggestion would be to give it full permission. I have a separate user for the IPB database. Link to comment Share on other sites More sharing options...
Randy Calvert Posted April 16 Share Posted April 16 28 minutes ago, Egorkin said: I have a separate user for the IPB database. In that case, if you have a dedicated IPB database and database user, just give it full permission and call it a day. It is no more/less secure and will avoid problems later down the road. Link to comment Share on other sites More sharing options...
Egorkin Posted April 17 Author Share Posted April 17 Why does the user need, for example, administrative functions such as GRANT, SUPER, PROCESS, RELOAD, SHUTDOWN ... CREATE USER? 🤔 Link to comment Share on other sites More sharing options...
Marc Stridgen Posted April 17 Share Posted April 17 55 minutes ago, Egorkin said: Why does the user need, for example, administrative functions such as GRANT, SUPER, PROCESS, RELOAD, SHUTDOWN ... CREATE USER? 🤔 As I mentioned above, you need FULL read and write access to the database. What you are mentioning there are MySQL server level permissions, not database permissions. Link to comment Share on other sites More sharing options...
Recommended Posts