I have just installed Snitz (Might good bit of software it is too) but I used my dbo user to do it so as it had enough permissions to put in the new tables. Now that I am running the forum I want to make sure that I use a user that doesn't have more permissions than is neccesary.
Would I be right in thinking that the user just needs Select, Insert, Update and Delete on the tables and no special permissions at all on the db? Any particular tables that shouldn't have delete etc?
Yes, they work fine but the problem with that is you will almost always end up giving too many permissions if you do it that way. Always prefer to work with stored procedures as you are only giving exactly the permissions required. Suppose I could go about re-writing all the calls from the asp pages, but I get the feeling that would be a lot of hassle.
Think I'll just leave it as it is. I shouldn't need to be overly cautious about a forum anyway. I'll just have to make sure I have good backups.
Topic Locked
Posted - 20 January 2004 : 06:43:23
