Hello,
how does the founder-admin function work?
I have seen that there is a "founder" field in users-table.
What happens when an admin (who has db-access) changes this value?
--> Can he change the founder-admin to a "normal" admin simply by changing this in DB?
Founder Admin
Best regards,
Hans
Hans
- Registered User
- Posts: 39
- Joined: Tue Jun 03, 2003 5:24 pm
- Location: England-ish
Re: Founder Admin
I've seen this too, and I believe that the founder won't be able to have their admin status removed by other admins... well, that's what I think.
And yes, anyone with access to the database, and correct permissions could change this value.
I saw desserts; I'd no lemons; alas, no melon. Distressed was I.
Re: Founder Admin
Anyone with database access can change *anything*
"It's a fiction like all history, it's been distorted until it makes sense" - Andy Yorke
Re: Founder Admin
Hello,
I think that this is not so good.
The existing founder-admin-Mods work differently, see here:
Code:
// Keep Main Admin An Admin
//
$sql = "UPDATE " . USERS_TABLE . "
    SET user_level = 1
    WHERE user_id = 2";
if (!$db->sql_query($sql))
{
    message_die(GENERAL_MESSAGE, 'Unable to access the Users Table.');
}
Even if somebody changes the admin-status in the users-table, it will be "re-changed" by this code.
What is easier? Changing the founder-admin-status in user-table or searching for this code and removing that?
Existing founder-admin-Mods are Hacks No. 355, 742 and 939 at phpbbhacks.com
Best regards,
Hans
Hans
Re: Founder Admin
argh! We DO NOT add Mods to phpBB.
I see no point in what that Mod does ... if an admin gives someone else, someone unreliable access to their DB they deserve all they get. Running a board requires a modicum of common sense. That includes giving admin and worse, db access rights only to those people you trust implicitly.
Re: Founder Admin
I have two other admins for day to day running, but only I have access to the FTP account and database account.
"It's a fiction like all history, it's been distorted until it makes sense" - Andy Yorke
Re: Founder Admin
Hello,
Of course it is right that nobody else should have database-access. But this is not always possible.
Example1: when the webmaster of the server is also admin...
Example2: many large boards have more admins ("backup-admin"): e.g. the admin gets ill and is in hospital for weeks...
I think that the founder-admin as I described in the code-extract above is better than the database-related way.
Best regards,
Hans
Hans
Re: Founder Admin
And you're missing the point completely ... you only give DB access to those you trust. If you do that then you will have no problems. If you give access to some little cretin who thinks it's fun to remove founder status then what makes you think they will stop there?
- Registered User
- Posts: 1546
- Joined: Wed Apr 09, 2003 8:44 pm
- Location: London, United Kingdom
Re: Founder Admin
psoTFX wrote:
And you're missing the point completely ... you only give DB access to those you trust. If you do that then you will have no problems.
There is a fatal flaw in that logic: You assume that your trust is well placed - people who worm their way into others' trust are certainly not unheard of. Therefore, there are some very simple rules that you can use to ensure you are completely safe:
1. NEVER EVER give a user that u don't know in real life access to your DB. (Unless, of course, it's part of a webdesign contract, or similar.)
2. If you have FTP setup, always ensure that you are the owner of the config.php file, and all other users (who are obv on different accounts to you) don't have any access to it. Public is Read only, Group is none, Owner is all
3. Keep your password safe!
Quite simple. Then you always have a 'back-door', so to speak.
Rob
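The permission rule in point 2 of the post above (owner all, group none, public read-only), written as a shell check. This is an added example, not part of the original thread; the function name check_config and its two arguments are made up for the illustration.

```shell
#!/bin/sh
# Added example: audit config.php against the rule quoted in the thread
# (owner: all, group: none, public: read-only, i.e. mode 704).
# check_config PATH EXPECTED_OWNER
#   prints one line per finding; returns 0 if compliant, 1 if not, 2 if missing.
check_config() {
    file=$1
    want_owner=$2
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # ls -ld is POSIX: field 1 is the mode string, field 3 the owner name.
    set -- $(ls -ld "$file")
    mode=$1
    owner=$3

    # Characters 2-10 of the mode string are the owner/group/public triplets.
    own=$(printf '%s' "$mode" | cut -c2-4)
    grp=$(printf '%s' "$mode" | cut -c5-7)
    oth=$(printf '%s' "$mode" | cut -c8-10)

    rc=0
    [ "$owner" = "$want_owner" ] || {
        echo "owner is '$owner', expected '$want_owner'"; rc=1; }
    case $own in
        r*) ;;
        *)  echo "owner cannot read the file ($own)"; rc=1 ;;
    esac
    [ "$grp" = "---" ] || {
        echo "group has access ($grp), rule says none"; rc=1; }
    case $oth in
        ---|r--) ;;   # read-only as in the rule; no access is stricter and also fine
        *)  echo "public has more than read ($oth)"; rc=1 ;;
    esac
    return $rc
}

# Stand-alone use: sh check.sh /path/to/config.php owner_account
if [ "$#" -eq 2 ]; then
    check_config "$1" "$2"
fi
```

Public read means every local account on the host can read the database credentials stored in config.php. Where the web server runs as the file's owner, dropping public access entirely is tighter, and the check accepts that as well.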