The only other thing left to do is configure WordPress to pick the right database user. If you don’t allow comments on the blog, you can even remove the INSERT functionality, though I haven’t tested this one and don’t know if anything else would break. Since I have comments enabled, I had to give the public user the INSERT privilege, but at least I have taken the 10 extra privileges away from it. We also need to assign the proper privileges/permissions (after all, this is the main idea): Admin -> db: Here is what I have done that should give you a basic level of privilege separation with just a simple WordPress tweak. First, you need to have the two separate database users - admin and public. I looked around for a convenient mailing list to post my idea to and unfortunately I couldn’t find one, so I gave up on trying to message the idea directly to WordPress developers, but now I’ve decided to at least post it for people to take advantage of it. This will launch the UI used to manage the certificate. A few months ago I did it for my blog, since I don’t see a valid reason why anyone coming across the Internet needs to have “drop table” privilege or similar on my blog’s database. You need to run the certmgr.msc utility (either through Start->Run/Search or from a command prompt). Just enter the desired snap-in name and press Enter: certlm. For the local computer, you must run the console using elevated credentials. Accessibility Controls- access.cpl Add Hardware Wizard- hdwwiz.cpl Add/Remove Programs- appwiz.cpl Administrative Tools- control. I don’t know the reason to be honest, as this is one of the basic rules of security. You can begin from the Start menu, a Run dialog, or a command prompt. Why doesn’t WordPress implement privilege separation in their blog engine? After all, it is fairly simple and can be implemented in a few lines of code. Go to the certificates section and click View Certificates.
A recent retweet by Jeremiah Grossman got me thinking. Trusting the VVV Root Certificate in Firefox go to options, and under Privacy & Security.