15 Apr
2014
15 Apr
'14
10:37 a.m.
Hello,
I think GRANT right is needed, so xwiki db user can automatically assign
rights to created databases, isn't it ?
You have some ways to improve security, as using a strong password for
xwiki db user, limiting login from this specific server only, etc...
You could also give privilege needed to create new db only when you need it
(ie, you want to create a subwiki), and remove them afterwards (supposing
you control the subwiki creation process).
BR,
Jeremie
2014-04-14 19:17 GMT+02:00 Guillaume Fenollar <guillaume.fenollar(a)xwiki.com>
:
Hello,
Giving "ALL PRIVILEGES" doesn't give the GRANT option, so basically, if you
run this command, it will give xwiki user all the rights, but to that one
only. Beyond that, I don't see how the reload privilege could be dangerous
at all to give.
The only way to make it more secure is to grant the rights for every
database, one by one.
We used to meet people having issues during wikis creations, because of
lack of privileges, that's why the documentation directly advise to give
all privileges to everything. So of course, you can also pick the exclusive
rights you want to grant, but since you need to do that for every database,
it may be a bit long.
Good luck
Guillaume
2014-04-14 9:43 GMT+02:00 Martin Hamant <mh(a)ow2.org>rg>:
Hi,
It is mentioned in the documentation "Give all privileges to the xwiki
user for accessing and creating databases" - because the user to be able
to
create additional databases for sub-wikis ; but
isn't it a little pushy
to
give *all* the privileges (Grant, reload...) to
the xwiki user ?
How could I secure the xwiki mysql user account a little more ?
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users