From: Roland Hieber Date: Thu, 18 Feb 2010 17:23:42 +0000 (+0100) Subject: migration to db_user to prevent sql injections X-Git-Tag: REL_10.02.18~2 X-Git-Url: https://git.rohieb.name/iserv-mod-error-reporter.git/commitdiff_plain/a17a8d5e2641a8d5b6e0a87dcc5d99f56648a295 migration to db_user to prevent sql injections --- diff --git a/sql/mod_error-reporter.sql b/sql/mod_error-reporter.sql index 00ebb91..5551a14 100644 --- a/sql/mod_error-reporter.sql +++ b/sql/mod_error-reporter.sql @@ -25,6 +25,8 @@ -- THE SOFTWARE. -- +CREATE USER errorreporter; + CREATE TABLE mod_errorreporter ( er_uid SERIAL NOT NULL PRIMARY KEY, er_date TIMESTAMP WITHOUT TIME ZONE NOT NULL, @@ -40,6 +42,9 @@ CREATE TABLE mod_errorreporter ( er_hidden BOOL ); -GRANT SELECT, INSERT, UPDATE, DELETE ON mod_errorreporter TO webusr, webadm; -GRANT SELECT, UPDATE ON mod_errorreporter_er_uid_seq TO webusr, webadm; +GRANT SELECT, INSERT, UPDATE, DELETE ON mod_errorreporter TO errorreporter; +GRANT SELECT, UPDATE ON mod_errorreporter_er_uid_seq TO errorreporter; +GRANT SELECT ON users TO errorreporter; +GRANT SELECT, INSERT ON log_module TO errorreporter; +GRANT INSERT ON log TO errorreporter; diff --git a/src/config.php b/src/config.php index 52ba154..dfc09c1 100644 --- a/src/config.php +++ b/src/config.php @@ -33,6 +33,8 @@ require_once("ctrl.inc"); require_once("db.inc"); require_once("sec/admsecure.inc"); +db_user("errorreporter"); + html_header("