[RCU] Minimum SQL Privileges Required

Fri, 02 May 2025 01:01:05 -0700 

Hi All,
I am enquiring as to the *minimum* privileges required by the RoundCube user to access the backend SQL (MariaDB) Server. 


Yes, I am aware that the Wiki says (on the Installation page) to use 
`GRANT ALL PRIVILEGES`, as do all of the On-Line Tutorials scattered 
across the Web. However, that is a *massive* security hole, especially 
if the backend server is *not* the same as the web server hosting 
RoundCube. Surely, for example, the RoundCube User does *not* need the 
ability to create other users or tables, drop the backend database, or 
grant privileges to other users.


Thus, I am enquiring what *are* the *minimum* privileges required?


I am going to assume - and please correct me if I am wrong - that the 
*required* privileges are:


 * DELETE, INSERT, SELECT, and UPDATE


If this information is available on-line, could someone please point me 
in the correct direction - if not, could one of the devs and/or one of 
the experienced RoundCube users please let me know this information - 
thank you.


Thanks in advance

Cheers

Dulux-Oz

--
PEREGRINE I.T. Pty Ltd Signature

==================================================

*Matthew J BLACK*
  M.Inf.Tech.(Data Comms)
  MBA
  B.Sc.
  MACS (Snr), CP, IP3P

When you want it done /right/ – the first time!

Phone:  +61 4 0411 0089
Email:  matt...@peregrineit.net <mailto:matt...@peregrineit.net>
Web:    www.peregrineit.net <http://www.peregrineit.net>


View Matthew J BLACK’s profile on LinkedIn 
<https://au.linkedin.com/in/mjblack>



This Email is intended only for the addressee. Its use is limited to 
that intended by the author at the time and it is not to be distributed 
without the author’s consent. You must not use or disclose the contents 
of this Email, or add the sender’s Email address to any database, list, 
or mailing list unless you are expressly authorised to do so. Unless 
otherwise stated, PEREGRINE I.T. Pty Ltd accepts no liability for the 
contents of this Email except where subsequently confirmed in writing. 
The opinions expressed in this Email are those of the author and do not 
necessarily represent the views of PEREGRINE I.T. Pty Ltd. This Email is 
confidential and may be subject to a claim of legal privilege.



If you have received this Email in error, please notify the author and 
delete this message immediately.



BEGIN:VCARD
VERSION:4.0
N:Black;Matthew J;;;
FN:Matthew J Black
EMAIL;PREF=1;TYPE=work:matt...@peregrineit.net
URL;TYPE=work:https://www.peregrineit.net
ADR:;;11 Bailey Avenue;East Tamworth;NSW;2340;Australia
TEL;TYPE=cell;VALUE=TEXT:0404110089
TZ:Australia/Sydney
TITLE:Principal
ROLE:CEO/CIO
ORG:PEREGRINE I.T. Pty Ltd
BDAY;VALUE=DATE:19680928
END:VCARD

_______________________________________________
Users mailing list -- users@lists.roundcube.net
To unsubscribe send an email to users-le...@lists.roundcube.net






















					Reply via email to