From: Richard S. <ri...@ri...> - 2003-05-13 05:59:58
I think there should be a configuration option to set up 3 SQL users. One user that has the ability to create and drop databases, one user who has the ability to read/insert/update/delete rows from tables, and another user who has the ability to create/drop tables.

The reason for this is: what if a malicious user were to type SQL code into a form field to drop a table? Even better yet, drop a database! That wouldn't be very fun...

So my suggestion is that using the core's sqlInsert function, for example, should use the user account that can read/insert/and only update tables. When installing a mod, and usually using the sqlImport function, it should call upon the user who can only create and drop databases.

Of course, some people on their hosting providers can only have one SQL user on databases like MySQL that has full control over their database, which means the system should automatically check if the other users exist and, if not, use the default user account provided.

Many companies practice this as a security rule of thumb and I think this CMS should do so also. Let me know your feedback :-)

Best Regards,
Richard Sumilang
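The three-account split proposed in the message above, written out as MySQL grants. This is an added example, not part of the original message or of the CMS's code; the database name, account names and passwords are placeholders, and it assumes a MySQL server with the `CREATE USER` statement.

```sql
-- Constructed example: cms_example, the cms_* accounts and the passwords
-- are placeholders, not names used by the CMS.
CREATE DATABASE IF NOT EXISTS cms_example;

-- 1. Row account: read/insert/update/delete rows only.
--    This is the account a call such as sqlInsert would connect with.
CREATE USER 'cms_rows'@'localhost' IDENTIFIED BY 'CHANGE_ME_ROWS';
GRANT SELECT, INSERT, UPDATE, DELETE
    ON cms_example.* TO 'cms_rows'@'localhost';

-- 2. Table account: create/drop tables inside the CMS database.
--    Caveat: in MySQL, DROP granted at database scope also permits
--    DROP DATABASE on that database, so this account is separated from
--    account 3 by scope (one database versus all), not by statement type.
CREATE USER 'cms_tables'@'localhost' IDENTIFIED BY 'CHANGE_ME_TABLES';
GRANT CREATE, DROP
    ON cms_example.* TO 'cms_tables'@'localhost';

-- 3. Database account: create/drop databases.
--    The message assigns this one to mod installation via sqlImport.
--    CREATE and DROP on *.* are global privileges, so keep these
--    credentials out of the request-handling code path.
CREATE USER 'cms_databases'@'localhost' IDENTIFIED BY 'CHANGE_ME_DATABASES';
GRANT CREATE, DROP
    ON *.* TO 'cms_databases'@'localhost';

-- Check what each account actually holds before relying on the split.
SHOW GRANTS FOR 'cms_rows'@'localhost';
SHOW GRANTS FOR 'cms_tables'@'localhost';
SHOW GRANTS FOR 'cms_databases'@'localhost';
```

With this layout, SQL typed into a form field runs with the row account's privileges, so it can still read or change rows but cannot drop tables or databases.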