* kashani <[EMAIL PROTECTED]> wrote: > Some people prefer to give their webapps limited insert, update, and > delete access and it's likely that Mediawiki's updates require alter, > create, drop, and file access which might be why they say to use an > account with root privileges.
For larger (not web-only) applications I can understand giving several subsystems specific access via separate views. But for an monolithic web(-only)-app like mediawiki, its really useless. The worst damage an attacker can do is deleting or changing data, database ownership is not needed for that. Does anyone known some way (w/o crawling too deep in the code) for givinb mediawiki the ownership of the database and never ever require superuser privileges anymore ? cu -- --------------------------------------------------------------------- Enrico Weigelt == metux IT service - http://www.metux.de/ --------------------------------------------------------------------- Please visit the OpenSource QM Taskforce: http://wiki.metux.de/public/OpenSource_QM_Taskforce Patches / Fixes for a lot dozens of packages in dozens of versions: http://patches.metux.de/ --------------------------------------------------------------------- -- gentoo-user@gentoo.org mailing list
