Marco Tulio Cicero de M. Porto
Guest
Hello!
My name is Marco Tulio, I'm from Brazil and quite a new Dadabik user. And first of all, I would like to say that Dadabik is a very good program that helped me a lot. But...
...the thing is that Dadabik, as a database interface, gives you direct access to the database you're using. I was just following the "Dadabik on the web" link (on this website) when something occurred to me: What if someone got into my admin.php page and uninstalled the tables I got into Dadabik, or changed the way the page appears to users, or even deleted data from my DB?
Well, if my database user has all privileges, then anyone that could have direct access to my admin.php could erase all my database.
Also, if my admin.php has permissions set to everyone (execute, write, read) then I also have a problem since anyone could make any kinda change on my forms.
And once that Dadabik users usually don't change much of its structure, anyone who's familiarized with it can make a huge mess.
I'm not telling you to start messing around other people's databases, just saying that if you're a user, start thinking on:
a) giving your db user only read access to your database.
b) turning exec/write permissions OFF on admin.php (so that anyone can change it). It would be a nice idea to change those same permissions on internal_table_manager.php as well.
And if you're a developer, start thinking on:
a) implementing security components to Dadabik.
b) tell the user (while on the installation of Dadabik) about security issues.
And that's all I have to say about this subject.
I hope I could help you guys out as you help me. Thanks!
Cheers,
Marco Tulio
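The file-permission check suggested in point b), as an added example that is not part of the original post or of Dadabik: it reports whether admin.php and internal_table_manager.php grant write or execute to "other" and then removes those bits. The function names and the install directory argument are assumptions, and the demo files are constructed.

```shell
#!/bin/sh
# Files the post singles out; the install directory is passed in by the caller.
DADABIK_FILES="admin.php internal_table_manager.php"

# Print one line per file whose mode grants write (0002) or execute (0001)
# to "other". Returns 1 if anything was reported, 0 if the files are clean.
audit_dadabik_perms() {
    dir=$1
    rc=0
    for f in $DADABIK_FILES; do
        path="$dir/$f"
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            continue
        fi
        if [ -n "$(find "$path" -perm -0002 -print)" ]; then
            echo "WORLD-WRITABLE $path"
            rc=1
        fi
        if [ -n "$(find "$path" -perm -0001 -print)" ]; then
            echo "WORLD-EXECUTABLE $path"
            rc=1
        fi
    done
    return $rc
}

# Remove write and execute for "other", leaving owner and group bits untouched.
harden_dadabik_perms() {
    dir=$1
    for f in $DADABIK_FILES; do
        [ -f "$dir/$f" ] && chmod o-wx "$dir/$f"
    done
    return 0
}

# Constructed demo: a throwaway directory standing in for a real install.
demo=$(mktemp -d)
touch "$demo/admin.php" "$demo/internal_table_manager.php"
chmod 777 "$demo/admin.php"
chmod 644 "$demo/internal_table_manager.php"
echo "before:"; audit_dadabik_perms "$demo" || true
harden_dadabik_perms "$demo"
echo "after:";  audit_dadabik_perms "$demo" && echo "clean"
rm -rf "$demo"
```

File modes only limit other local accounts on the host; they do not restrict who can request admin.php through the web server.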