Latest News: (loading..)

Archived

This topic is now archived and is closed to further replies.

isumitg

MySQL user privileges for osCommerce

2 posts in this topic

Out of the below mentioned MySQL user privileges, which are necessary for osCommerce to run without any problems? (both back-end and front-end)

I am just worried if it is a security concern if I allow all privileges? Is there any documentation / tutorial which I can refer?

 

ALTER

CREATE

CREATE ROUTINE

CREATE TEMPORARY TABLES

CREATE VIEW

DELETE

DROP

EXECUTE

INDEX

INSERT

LOCK TABLES

REFERENCES

SELECT

SHOW VIEW

TRIGGER

UPDATE

Share this post


Link to post
Share on other sites

A quick search of the code reveals:

 

ALTER, EXECUTE, INDEX, LOCK TABLES, REFERENCES, SHOW VIEW, and TRIGGER don't seem to be used

 

CREATE * and DROP seems to only be used by admin/backup and install

 

SELECT, DELETE, and UPDATE are widely used

 

You can always restore specific permissions if osC complains that it can't perform a certain database operation.

 

Once you have installed osC, and will use phpMyAdmin to back up, you could get rid of permissions for CREATE * and DROP, if that's what worries you.

isumitg likes this

Share this post


Link to post
Share on other sites