Topic on Project:Support desk

Correct privileges for database user

Jonathan3 (talkcontribs)

I'd like to grant the minimum necessary privileges for an existing wiki being moved to a new server. Which is best of the following?

Thanks.

Bawolff (talkcontribs)

For normal use (not update.php) I would recommend SELECT, INSERT, UPDATE, LOCK TABLES and DELETE. Pay attention to exceptions in case any errors happen.

Update.php needs many more rights.

Jonathan3 (talkcontribs)

Thanks. Would you change the database user's privileges before and after running update.php each time? Or is it possible to use a separate user for that script?

What do you do in practice? I'm tempted to leave it at GRANT ALL PRIVILEGES and trust in other things to keep the database secure...

Ciencia Al Poder (talkcontribs)
Bawolff (talkcontribs)

I think most people just do whatever the installer does. Big sites like Wikipedia are a bit more careful, I think.


The big thing is you want to make sure that you don't have rights like "super" or "file", as they can be used to turn an SQL injection vulnerability into a full server takeover vulnerability (given how many things in the DB use PHP serialization, that's probably a little moot, but still, you don't want to make things easy).

Jonathan3 (talkcontribs)

Thanks for these replies. In the medium term I will use $wgDBadminuser (or --dbuser and --dbpass on the command line). In the short term I will leave $wgDBuser with ALL privileges. The biggest risk is probably me messing this up and I don't have time now to ensure I get it right :-)

Adding a note here for myself that ALL includes everything but GRANT (i.e. it includes SUPER and FILE). I wonder whether given this fact, the standard instructions shouldn't advise to GRANT ALL.
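
An added example (not part of the thread and not MediaWiki's own code): a Python check that reads `SHOW GRANTS` output for the wiki's database user and flags the privileges discussed above. The account and database names (`wikiuser`, `wikidb`) and the sample lines are constructed.

```python
import re

# Runtime privileges recommended in the thread for $wgDBuser (normal use, not update.php).
RUNTIME_OK = {"SELECT", "INSERT", "UPDATE", "DELETE", "LOCK TABLES", "USAGE"}
# Privileges the thread singles out as turning SQL injection into a server takeover.
DANGEROUS = {"SUPER", "FILE"}
GRANT_RE = re.compile(r"^GRANT\s+(.+?)\s+ON\s+(\S+)\s+TO\s", re.IGNORECASE)

def audit_grants(lines):
    """Return (severity, message) findings for lines of SHOW GRANTS output."""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue  # role grants and anything else without an ON clause
        scope = m.group(2).replace("`", "")
        # Drop column lists such as "SELECT (a, b)" before splitting on commas.
        privs = {p.strip().upper() for p in re.sub(r"\([^)]*\)", "", m.group(1)).split(",")}
        if privs & {"ALL", "ALL PRIVILEGES"}:
            if scope == "*.*":
                findings.append(("high", f"ALL PRIVILEGES on {scope} includes SUPER and FILE"))
            else:
                # SUPER and FILE are global privileges; a database-level ALL does not carry them.
                findings.append(("medium", f"ALL PRIVILEGES on {scope} exceeds the runtime set"))
            continue
        for p in sorted(privs & DANGEROUS):
            findings.append(("high", f"{p} granted on {scope}"))
        extra = sorted(privs - RUNTIME_OK - DANGEROUS)
        if extra:
            findings.append(("medium", f"beyond runtime set on {scope}: {', '.join(extra)}"))
    return findings

# Constructed sample output for a hypothetical wiki account.
SAMPLE_RUNTIME = [
    "GRANT USAGE ON *.* TO `wikiuser`@`localhost`",
    "GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES ON `wikidb`.* TO `wikiuser`@`localhost`",
]
SAMPLE_BROAD = ["GRANT ALL PRIVILEGES ON *.* TO `wikiuser`@`localhost`"]
SAMPLE_MIXED = [
    "GRANT FILE ON *.* TO `wikiuser`@`localhost`",
    "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER ON `wikidb`.* TO `wikiuser`@`localhost`",
]

if __name__ == "__main__":
    for name, sample in [("runtime", SAMPLE_RUNTIME), ("broad", SAMPLE_BROAD), ("mixed", SAMPLE_MIXED)]:
        print(name, audit_grants(sample))
```

An empty result for the account named in `$wgDBuser` means it holds nothing beyond the runtime set; the schema-changing rights needed by update.php would then belong to the separate `$wgDBadminuser` account.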
