r1053 MediaWiki - Code Review archive

Repository:MediaWiki
Date:18:15, 1 January 2003
Author:vibber
Status:old
Tags:
Comment:
Create separate mysql user for Asksql which can't read emails or passwords from user table or make changes
Modified paths:
  • /trunk/phpwiki/newcodebase/DatabaseFunctions.php (modified) (history)
  • /trunk/phpwiki/newcodebase/DefaultSettings.php (modified) (history)
  • /trunk/phpwiki/newcodebase/LocalSettings.php (modified) (history)
  • /trunk/phpwiki/newcodebase/SpecialAsksql.php (modified) (history)
  • /trunk/phpwiki/newcodebase/maintenance/buildusers.sql (modified) (history)


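--- a/trunk/phpwiki/newcodebase/maintenance/buildusers.sql
+++ b/trunk/phpwiki/newcodebase/maintenance/buildusers.sql
@@ -1,9 +1,11 @@
 # MySQL script to create required database users
 # with proper access rights. Must be run as root!
-# Replace "wikidb", "adminpass", and "userpass"
+# Replace "wikidb", "adminpass", "sqlpass", "userpass"
 # with your local settings.
 #
+# FIXME: this script should be more automated
 
+
 GRANT ALL ON wikidb.*
 TO wikiadmin@'%' IDENTIFIED BY 'adminpass';
 GRANT ALL ON wikidb.*
@@ -17,3 +19,57 @@
 TO wikiuser@localhost IDENTIFIED BY 'userpass';
 GRANT DELETE,INSERT,SELECT,UPDATE ON wikidb.*
 TO wikiuser@localhost.localdomain IDENTIFIED BY 'userpass';
+
+# wikisql user is for direct sql queries by sysops
+# We don't want to give out e-mails or passwords on
+# a public site where sysops are only _mostly_ trusted.
+GRANT SELECT (user_id,user_name,user_rights,user_options,user_newtalk) on wikidb.user
+TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.cur TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.old TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.archive TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.links TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.brokenlinks TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.imagelinks TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.site_stats TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.ipblocks TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.image TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.oldimage TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.random TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.recentchanges TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.watchlist TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.math TO wikisql@'%' IDENTIFIED BY 'sqlpass';
+
+GRANT SELECT (user_id,user_name,user_rights,user_options,user_newtalk) on wikidb.user
+TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.cur TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.old TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.archive TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.links TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.brokenlinks TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.imagelinks TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.site_stats TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.ipblocks TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.image TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.oldimage TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.random TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.recentchanges TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.watchlist TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.math TO wikisql@localhost IDENTIFIED BY 'sqlpass';
+
+GRANT SELECT (user_id,user_name,user_rights,user_options,user_newtalk) on wikidb.user
+TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.cur TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.old TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.archive TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.links TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.brokenlinks TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.imagelinks TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.site_stats TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.ipblocks TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.image TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.oldimage TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.random TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.recentchanges TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.watchlist TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';
+GRANT SELECT on wikidb.math TO wikisql@localhost.localdomain IDENTIFIED BY 'sqlpass';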
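Review bot: The `wikisql@'%'` grants (new lines 27–42) let the read-only account log in from any host, while the only consumer this commit adds is SpecialAsksql running on the web server, which the `wikisql@localhost` and `wikisql@localhost.localdomain` grants already cover. Unless the MySQL server is meant to be reached from other hosts, drop the `'%'` block or narrow it to the web server's address, so a leaked `sqlpass` is only usable from the database host itself. The column list on `wikidb.user` omits the password and e-mail columns the commit message mentions; a comment stating that intent, e.g. `# Columns withheld on purpose (password, e-mail): re-check this list whenever user columns are added`, keeps a later schema change from silently widening the grant.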
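--- a/trunk/phpwiki/newcodebase/SpecialAsksql.php
+++ b/trunk/phpwiki/newcodebase/SpecialAsksql.php
@@ -54,13 +54,15 @@
 {
 global $wgOut, $wgUser, $wgServer, $wgScript, $wgArticlePath;
 global $wpSqlQuery;
+ global $wgDBsqluser, $wgDBsqlpassword;
 
 if ( ! $wgUser->isDeveloper() ) {
- if ( 0 != strcmp( "select", strtolower(
- substr( $wpSqlQuery, 0, 6 ) ) ) ) {
- $this->showForm( wfMsg( "selectonly" ) );
- return;
- }
+ #if ( 0 != strcmp( "select", strtolower(
+ # substr( $wpSqlQuery, 0, 6 ) ) ) ) {
+ # $this->showForm( wfMsg( "selectonly" ) );
+ # return;
+ #}
+ $connection = wfGetDB( $wgDBsqluser, $wgDBsqlpassword );
 }
 $res = wfQuery( $wpSqlQuery, "SpecialAsksql::doSubmit" );
 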
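Review bot: `$connection` on new line 66 is assigned and never used, and, as the DatabaseFunctions.php hunk shows, `wfGetDB( $altuser, … )` stores the restricted link in the global `$wgDBconnection` instead of returning a separate one, so `wfQuery` on line 68 presumably runs on it and so does every later database access in this request, as the restricted user, with nothing restoring the normal connection. Either make wfGetDB hand back the alternate link without touching `$wgDBconnection` and pass it on explicitly (`$res = wfQuery( $wpSqlQuery, "SpecialAsksql::doSubmit", $connection );`, if wfQuery accepts a link — its signature is not on this page), or save the global before the call and restore it after the query. The same defect is in the DatabaseFunctions.php hunk. Separately, the `select` prefix check is commented out rather than removed (lines 61–65); since the column grants and the prefix check fail independently, keeping it as a second layer for non-developers is cheap, and if it is dropped the dead lines should go too. doSubmit starts before this hunk.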
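--- a/trunk/phpwiki/newcodebase/LocalSettings.php
+++ b/trunk/phpwiki/newcodebase/LocalSettings.php
@@ -24,8 +24,9 @@
 $wgDBname = "wikidb";
 $wgDBuser = "wikiuser";
 $wgDBpassword = "userpass";
-$wgDBadminpassword = "adminpass";
-$wgDBminWordLen = 3;
+$wgDBadminpassword = "adminpass"; # Only needed for admin works
+$wgDBsqluser = "sqlpass"; # For read-only sql queries by sysops
+$wgDBminWordLen = 3; # Match this to your MySQL fulltext
 
 # Turn this on during database maintenance
 #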
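Review bot: New line 29 assigns the password placeholder to the user variable — `$wgDBsqluser = "sqlpass";` — so with this LocalSettings.php the login name becomes `sqlpass` and, with `$wgDBsqlpassword` left at its DefaultSettings.php value, every non-developer Asksql request would end in the `die( "bad sql user" )` path of wfGetDB. It should read `$wgDBsqluser = "wikisql"; # For read-only sql queries by sysops` followed by `$wgDBsqlpassword = "sqlpass";`, matching the account created in maintenance/buildusers.sql.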
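--- a/trunk/phpwiki/newcodebase/DefaultSettings.php
+++ b/trunk/phpwiki/newcodebase/DefaultSettings.php
@@ -22,6 +22,8 @@
 $wgDBuser = "wikiuser";
 $wgDBpassword = "userpwd";
 $wgDBconnection = "";
+$wgDBsqluser = "wikisql";
+$wgDBsqlpassword = "sqlpass";
 
 $wgReadOnlyFile = "/usr/local/apache/htdocs/upload/dblockflag838942";
 $wgDebugComments = false;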
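Review bot: `$wgDBsqlpassword = "sqlpass";` on new line 27 is the same placeholder that buildusers.sql grants to `wikisql@'%'`, so an installation that runs that script unedited and never overrides this default ends up with a working, published credential for an account reachable from any host. An empty default, `$wgDBsqlpassword = "";`, with the comment `# Set in LocalSettings.php; must match the wikisql password chosen in maintenance/buildusers.sql`, makes such an install fail at the wfGetDB connect instead of quietly working.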
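--- a/trunk/phpwiki/newcodebase/DatabaseFunctions.php
+++ b/trunk/phpwiki/newcodebase/DatabaseFunctions.php
@@ -4,7 +4,7 @@
 
 $wgLastDatabaseQuery = "";
 
-function wfGetDB()
+function wfGetDB( $altuser = "", $altpassword = "" )
 {
 global $wgDBserver, $wgDBuser, $wgDBpassword;
 global $wgDBname, $wgDBconnection;
@@ -14,6 +14,13 @@
 $helpme = "\n<p>If this error persists after reloading and clearing your browser cache,
 please notify the <a href=\"mailto:wikidown@bomis.com\">Wikipedia developers</a>.</p>";
 
+ if ( $altuser != "" ) {
+ $wgDBconnection = mysql_connect( $wgDBserver, $altuser, $altpassword )
+ or die( "bad sql user" );
+ mysql_select_db( $wgDBname, $wgDBconnection ) or die(
+ htmlspecialchars(mysql_error()) );
+ }
+
 if ( ! $wgDBconnection ) {
 $wgDBconnection = mysql_pconnect( $wgDBserver, $wgDBuser,
 $wgDBpassword ) or die( $noconn .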
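Review bot: The new `$altuser`/`$altpassword` parameters (first hunk, line 8) are undocumented, and what they trigger is not what a getter named wfGetDB suggests: a non-empty `$altuser` opens a fresh non-persistent link on every call and overwrites the shared `$wgDBconnection`, which the `if ( ! $wgDBconnection )` block below then never replaces. A header comment above the function should say so, e.g. `# With a non-empty $altuser, opens a new (non-persistent) link as that user, selects $wgDBname on it and stores it in the global $wgDBconnection for the rest of the request; otherwise reuses or opens the persistent $wgDBuser link.` The `die( "bad sql user" )` on line 20 also skips the `$noconn . $helpme` text the default path uses two lines later; appending `$helpme` there keeps the user-facing error consistent. wfGetDB continues past the end of the second hunk.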
