Hello,
Is there a reason the default permissions on a newly created database is
read "R" for /all/ virtual servers?
This has 2 disadvantages
1) If the site-admin neglects to review permissions a potontial
malicious user can get data out of a database
through rxml code.
2) A site-admin has to manually click "N" for /every/ virtual server to
change permissions.
I'd say a good default is to have permissions set to N, so the
site-admin is both triggered to review this setting
because the database cannot be reached, and then can set it for the
appropriate virtual server.
Regards,
Marc
- Database permissions Marc Dirix
-
