Hi all,

at the moment the BOINC DB user has full access to the DB server, not only the database specified in config.xml. This is because it needs the right to create and alter a new database. This is usually only needed once, and therefore I suggest we don't create or drop the database in make_project but test if it already exists. If not, the project admin has to create a user and a database on his own before creating the project. The make_project script could still clear the database but has no right to drop it anymore. This way, the impact of an SQL injection could be limited to the database only and not be used to insert files or change other databases on the same server. We have to come up with a minimal permission set for this user, but as we do no fancy database stuff, this should be trivial.
Another note of safety: I would also advise every project to check for loopholes that are not BOINC related but affect the server as well, starting with file and database permissions, logfile analysis, file tampering and intrusion detection mechanisms. I personally found OSSEC very helpful in log and file monitoring; it also has an active response mechanism to counteract scanning or break-in attempts.

Regards
Christian
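An added example, not part of the message above or of the BOINC code base: a check a project admin could run over the output of `SHOW GRANTS` to confirm the DB user is confined to the project database, as the message proposes. It assumes MySQL's `SHOW GRANTS` line format; the account name `boincadm`, the database name `boinc_project` and the "after" privilege set are hypothetical and constructed for illustration, not a vetted minimal set.

```python
import re

# One line of MySQL `SHOW GRANTS` output (assumed format), e.g.
#   GRANT SELECT, INSERT ON `boinc_project`.* TO `boincadm`@`localhost`
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+\S+(?P<rest>.*)$",
    re.IGNORECASE)

def parse_privs(text):
    """Split a privilege list, ignoring commas inside column lists."""
    parts = re.split(r",\s*(?![^()]*\))", text)
    names = {re.sub(r"\s*\(.*\)", "", p).strip().upper() for p in parts}
    return {"ALL PRIVILEGES" if n == "ALL" else n for n in names}

def audit_grants(lines, project_db):
    """Return sorted findings for a user that should be confined to project_db."""
    findings = set()
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue  # not a GRANT line (e.g. a header row)
        privs = parse_privs(m["privs"])
        db = m["scope"].replace("`", "").split(".", 1)[0]
        if "WITH GRANT OPTION" in m["rest"].upper():
            findings.add("can pass its privileges on to other accounts")
        if db == "*":
            if privs - {"USAGE"}:
                findings.add("holds server-wide privileges (ON *.*)")
            if privs & {"FILE", "ALL PRIVILEGES"}:
                findings.add("can read and write files on the DB host (FILE)")
        elif db != project_db:
            findings.add(f"has access to another database: {db}")
        elif privs & {"DROP", "ALL PRIVILEGES"}:
            # In MySQL, DROP at database level also permits DROP DATABASE.
            findings.add(f"can drop {project_db} itself (DROP)")
    return sorted(findings)

# Constructed sample input: the situation described vs. the proposed one.
BEFORE = ["GRANT ALL PRIVILEGES ON *.* TO `boincadm`@`localhost` WITH GRANT OPTION"]
AFTER = [
    "GRANT USAGE ON *.* TO `boincadm`@`localhost`",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `boinc_project`.* TO `boincadm`@`localhost`",
]

if __name__ == "__main__":
    for label, grants in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_grants(grants, "boinc_project") or "confined to project DB")
```
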
