Hello, I think GRANT right is needed, so xwiki db user can automatically assign rights to created databases, isn't it ? You have some ways to improve security, as using a strong password for xwiki db user, limiting login from this specific server only, etc... You could also give privilege needed to create new db only when you need it (ie, you want to create a subwiki), and remove them afterwards (supposing you control the subwiki creation process).
BR, Jeremie 2014-04-14 19:17 GMT+02:00 Guillaume Fenollar <[email protected]> : > Hello, > > Giving "ALL PRIVILEGES" doesn't give the GRANT option, so basically, if you > run this command, it will give xwiki user all the rights, but to that one > only. Beyond that, I don't see how the reload privilege could be dangerous > at all to give. > > The only way to make it more secure is to grant the rights for every > database, one by one. > > We used to meet people having issues during wikis creations, because of > lack of privileges, that's why the documentation directly advise to give > all privileges to everything. So of course, you can also pick the exclusive > rights you want to grant, but since you need to do that for every database, > it may be a bit long. > > Good luck > > Guillaume > > > 2014-04-14 9:43 GMT+02:00 Martin Hamant <[email protected]>: > > > Hi, > > > > It is mentioned in the documentation "Give all privileges to the xwiki > > user for accessing and creating databases" - because the user to be able > to > > create additional databases for sub-wikis ; but isn't it a little pushy > to > > give *all* the privileges (Grant, reload...) to the xwiki user ? > > > > How could I secure the xwiki mysql user account a little more ? > > _______________________________________________ > > users mailing list > > [email protected] > > http://lists.xwiki.org/mailman/listinfo/users > > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
