That's a great idea (& one I was aware of - thanks) but that doesn't answer my question :-)
Unless you are implying that my assumption was correct (ie DELETE, INSERT, SELECT, and UPDATE ).
On 2/5/25 18:37, Reindl Harald (privat) wrote:
you can specifiy even two users to seperate read-only and writes
$rcmail_config['db_dsnw'] = 'mysqli://roundcube_rw:*****@127.0.0.1:3306/roundcube_db'; $rcmail_config['db_dsnr'] = 'mysqli://roundcube_ro:*****@127.0.0.1:3306/roundcube_db';
Am 02.05.25 um 10:00 schrieb Matthew J Black:
Hi All,
I am enquiring as to the *minimum* privileges required by the RoundCube user to access the backend SQL (MariaDB) Server.
Yes, I am aware that the Wiki says (on the Installation page) to use
GRANT ALL PRIVILEGES, as do all of the On-Line Tutorials scattered across the Web. However, that is a *massive* security hole, especially if the backend server is *not* the same as the web server hosting RoundCube. Surely, for example, the RoundCube User does *not* need the ability to create other users or tables, drop the backend database, or grant privileges to other users.Thus, I am enquiring what *are* the *minimum* privileges required?
I am going to assume - and please correct me if I am wrong - that the *required* privileges are:
* DELETE, INSERT, SELECT, and UPDATE
If this information is available on-line, could someone please point me in the correct direction - if not, could one of the devs and/or one of the experienced RoundCube users please let me know this information - thank you.
-
Matthew J Black