documentation-developer icon indicating copy to clipboard operation
documentation-developer copied to clipboard

Published 20 hours ago verified publisher icon ibexa

Security checklist: DB "operations needed"

Open adriendupuis opened this issue 1 year ago • 1 comments

Question Answer
JIRA Ticket N/A
Versions 4.x!, 3.3?, 2.5?
Edition All

How do I "Ensure that the database user used by the web app only has access to do the operations needed"?

Forked from #2355

Checklist

  • [ ] Text renders correctly
  • [ ] Text has been checked with vale
  • [ ] Description metadata is up to date
  • [ ] Redirects cover removed/moved pages
  • [ ] Code samples are working
  • [ ] PHP code samples have been fixed with PHP CS fixer
  • [ ] Added link to this PR in relevant JIRA ticket or code PR

adriendupuis avatar Apr 08 '24 14:04 adriendupuis

I'll have a looksie again soon. As I recall, there was debate if it even makes sense to recommend this. Which is a fair point. Sabotage is perfectly possible with just INSERT and UPDATE, and read access with SELECT is often the most dangerous of all.

glye avatar Jun 26 '24 16:06 glye