If people wanted to dump their DB, there are more appropriate ways of “dumping” it that are built into MySQL.
Your method will only work if the SQL User has access to the levels it needs based on permissions.
The smart people out there will have a SQL user login that is restricted to SELECT, INSERT, UPDATE and DELETE. Maybe even FILE. Listed as the connection user for FiveM.
I am not trying to discredit your work.
I am just trying to get people to realise there are vulnerabilities to your method that can cause major issues.
Hey I’m pretty new to SQL administration. Care to explain what you mean by having a user login with only those permissions for backing up the DB? I understand what you mean just don’t understand the logic behind it. Thanks!
Not quite right, as the user accessing the DB has nothing to do with backups; it's just that this script in particular uses CREATE, and that's a higher-level permission. I know the vast majority of servers out there with people such as yourself don’t know too much, so they probably use root as default, not caring too much about it.
This means someone can just manipulate the SQL query, because it's not even using the parameters within the code.
Now, it is only server side, so unless a client knew the server had it on it and the name of the database, there probably isn't much risk.
But every MySQL host has built in features for dumping backups and should be used rather than relying on a resource…
Makes total sense, thanks for explaining it. I appreciate it.
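The restricted connection user discussed in this thread, as an added example that is not part of any post: the account the game server connects with gets data-manipulation rights only, and dumps are taken by a separate account through MySQL's own `mysqldump`. The database name `fivem`, the account names `fivem_app` and `fivem_backup`, and the passwords are assumptions made for illustration.

```sql
-- Added example. Constructed names: schema `fivem`, accounts `fivem_app`
-- and `fivem_backup`, placeholder passwords. Run as an administrative account.

-- Weak setup described in the thread: the server connects as root, so every
-- query a resource builds runs with all privileges (CREATE, DROP, GRANT, ...).

-- Restricted connection user: row-level operations only, on one schema only.
CREATE USER 'fivem_app'@'localhost' IDENTIFIED BY 'CHANGE_ME_app';
GRANT SELECT, INSERT, UPDATE, DELETE
  ON `fivem`.* TO 'fivem_app'@'localhost';
-- FILE, mentioned in the thread as optional, is a global privilege (ON *.*)
-- and is left out here.

-- Separate account used only for scheduled dumps with mysqldump.
-- These are the privileges mysqldump needs to read tables, views,
-- triggers and events from a single schema.
CREATE USER 'fivem_backup'@'localhost' IDENTIFIED BY 'CHANGE_ME_backup';
GRANT SELECT, LOCK TABLES, SHOW VIEW, TRIGGER, EVENT
  ON `fivem`.* TO 'fivem_backup'@'localhost';

-- Check what each account can actually do.
SHOW GRANTS FOR 'fivem_app'@'localhost';
SHOW GRANTS FOR 'fivem_backup'@'localhost';

-- Connected as fivem_app, a schema-changing statement such as
--   CREATE TABLE fivem.backup_test (id INT);
-- is rejected with error 1142 (command denied), so a manipulated query
-- cannot create or drop tables through the game server's connection.
```

The dump itself is then run outside the game server, for example `mysqldump --no-tablespaces -u fivem_backup -p fivem > fivem.sql`.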