Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security checklist: DB "operations needed" #2356

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

Security checklist: DB "operations needed" #2356

wants to merge 9 commits into from

Conversation

adriendupuis
Copy link
Contributor

Question Answer
JIRA Ticket N/A
Versions 4.x!, 3.3?, 2.5?
Edition All

How do I "Ensure that the database user used by the web app only has access to do the operations needed"?

Forked from #2355

Checklist

  • Text renders correctly
  • Text has been checked with vale
  • Description metadata is up to date
  • Redirects cover removed/moved pages
  • Code samples are working
  • PHP code samples have been fixed with PHP CS fixer
  • Added link to this PR in relevant JIRA ticket or code PR

glye
glye reviewed Apr 9, 2024
View reviewed changes
docs/infrastructure_and_maintenance/security/security_checklist.md

```sql
CREATE USER 'user'@'host' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE, DELETE ON database_name.* TO 'user'@'host';
Copy link
Contributor

@glye glye Apr 9, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Won't we need TCL commands here, too? BEGIN START TRANSACTION, COMMIT, ROLLBACK, SET at least?

Copy link
Contributor Author

@adriendupuis adriendupuis Jun 18, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I may have misinterpreted your remark at first. I thought it was about wrapping the commands in a transaction batch.

SET could be added in PostgreSQL: https://www.postgresql.org/docs/current/sql-grant.html#SQL-GRANT-DESCRIPTION-OBJECTS

I see no equivalent on MySQL: https://dev.mysql.com/doc/refman/8.4/en/privileges-provided.html

adriendupuis
adriendupuis commented Jun 18, 2024
View reviewed changes
docs/infrastructure_and_maintenance/security/security_checklist.md
Comment on lines +153 to +154
CREATE USER 'user'@'host' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE, DELETE ON database_name.* TO 'user'@'host';
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
CREATE USER 'user'@'host' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE, DELETE ON database_name.* TO 'user'@'host';
START TRANSACTION;
CREATE USER 'user'@'host' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE, DELETE ON database_name.* TO 'user'@'host';
COMMIT;

adriendupuis
adriendupuis commented Jun 18, 2024
View reviewed changes
docs/infrastructure_and_maintenance/security/security_checklist.md
Comment on lines +160 to +163
CREATE USER user PASSWORD 'password';
GRANT CONNECT ON DATABASE database_name TO user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
CREATE USER user PASSWORD 'password';
GRANT CONNECT ON DATABASE database_name TO user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user;
BEGIN;
CREATE USER user PASSWORD 'password';
GRANT CONNECT ON DATABASE database_name TO user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user;
COMMIT;

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
CREATE USER user PASSWORD 'password';
GRANT CONNECT ON DATABASE database_name TO user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user;
CREATE USER user PASSWORD 'password';
GRANT CONNECT ON DATABASE database_name TO user;
GRANT SET, SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user;

@adriendupuis adriendupuis requested a review from glye June 18, 2024 09:51
@adriendupuis adriendupuis marked this pull request as ready for review June 18, 2024 09:51
@adriendupuis
Merge branch 'master' into checklist-db
abe2e28 
# Conflicts:
#	docs/infrastructure_and_maintenance/security/security_checklist.md
@glye
Copy link
Contributor

glye commented Jun 26, 2024

I'll have a looksie again soon. As I recall, there was debate if it even makes sense to recommend this. Which is a fair point. Sabotage is perfectly possible with just INSERT and UPDATE, and read access with SELECT is often the most dangerous of all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@glye glye Awaiting requested review from glye

Assignees
No one assigned
Labels
Needs DEV review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adriendupuis @glye