News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Question about database flags for SMF

Started by Liviu Lalescu, February 11, 2022, 02:47:46 PM

Previous topic - Next topic

Liviu Lalescu

Dear SMF team,

Until today, I used SMF 2.0.19 and the used database on the server had allowed flags: ALTER, DELETE, INDEX, SELECT, INSERT, and UPDATE. After I tried updating to SMF 2.1.0 I found out that I needed to allow also CREATE and DROP (on another page I found also that I needed CREATE_TEMPORARY_TABLES, but this was not critically necessary on this occasion).

My question now is: do I need to keep allowed flags CREATE, DROP, and CREATE_TEMPORARY_TABLES, are they completely safe, or should I deactivate them?

Arantor

CREATE_TEMPORARY_TABLES should be enabled (several pages actually use it for performance), and you should assume that CREATE TABLE and DROP TABLE will be needed for any add-on installations/removals.

I have yet to see a setup of SMF in 16 years where having these permissions was a problem - all the queries to the database are protected by SMF's own security measures to prevent queries being abused in a bad way.

Aleksi "Lex" Kilpinen

There are situations where those might be needed, but for daily functionality they aren't necessary I believe.
As for safety, if you have SMF in it's on DB, and the DB with it's own dedicated user - I don't think this makes much difference really.
EDIT: Arantor was faster, again.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Liviu Lalescu

#3
Thank you! Marking as solved.

Edit: Yes, indeed, I have a dedicated database and user for SMF.

Advertisement: