How dangerous is it to give Admin rights?

Shantra
Registered User
Posts: 59
Joined: Thu Jul 05, 2001 8:42 pm
Location: Norway


Post by Shantra » Sun May 29, 2005 2:14 pm

I am forced to give Admin rights to a member (looks trustable), but how dangerous is it? I know he can delete/edit forums and members.

I plan to make a cron job that takes a daily backup of the database. BTW, do you know of a good backup script?

Darth Wong
Registered User
Posts: 2398
Joined: Wed Jul 03, 2002 5:20 am
Location: Toronto, Canada

Post by Darth Wong » Sun May 29, 2005 2:33 pm

Someone with admin rights can do virtually anything he wants to your board. You should only give such rights to someone you find trustworthy.
Not a three-foot tall green gnome in real-life: My home page.
My wretched hive of scum and villainy: http://bbs.stardestroyer.net/

*Bubbles*
Registered User
Posts: 18
Joined: Sun May 29, 2005 1:42 pm

Post by *Bubbles* » Sun May 29, 2005 2:51 pm

Why are you FORCED to give them rights? ^ As Darth said, "You should only give such rights to someone you find trustworthy", as they can do virtually anything...
*Hidden_Gem* aka Bubbles / PrincessBubbles

Lyrikal_J
Registered User
Posts: 287
Joined: Thu Nov 25, 2004 5:50 pm
Location: London

Post by Lyrikal_J » Sun May 29, 2005 2:59 pm

^ I agree

If you don't trust them... Don't give it...

Even if you got a 'little' bad feeling about it..

Anyone can 'look' trustable.. :)

Shantra
Registered User
Posts: 59
Joined: Thu Jul 05, 2001 8:42 pm
Location: Norway

Post by Shantra » Sun May 29, 2005 4:15 pm

Yes, it has to be a person I trust. But is there any way that the person can access the database or anything critical (besides phpBB)?

Pezzoni
Registered User
Posts: 706
Joined: Sat Nov 16, 2002 8:25 pm

Post by Pezzoni » Sun May 29, 2005 4:39 pm

If you don't trust them implicitly, then don't give it to them. It sounds like you don't trust this person, and therefore they shouldn't be given admin rights.

Shantra
Registered User
Posts: 59
Joined: Thu Jul 05, 2001 8:42 pm
Location: Norway

Post by Shantra » Sun May 29, 2005 5:13 pm

100% trust is difficult, yes, but that's why I am planning to do daily backups, just in case.

So, even by doing this (backup), you wouldn't give a person admin status?

andrewb
Registered User
Posts: 12
Joined: Sun May 29, 2005 5:18 pm

Post by andrewb » Sun May 29, 2005 5:22 pm

You should ask yourself two questions:

- Do I trust this person enough to give him the same power as me?

- Does this person need to be an admin?

If 'yes' to both, then you should be fine.
Is this my signature?

Blankety Blank Man
Registered User
Posts: 881
Joined: Wed Mar 30, 2005 3:54 am

Post by Blankety Blank Man » Sun May 29, 2005 6:41 pm

Just giving someone admin powers won't give them direct access to the database. They would need to log into the database with something like phpMyAdmin first.

As for how much damage they could do, you could try using the Junior Admin mod. I can't remember where it is, but try poking around for it. It will let you give them what powers you want them to have, but not all the powers of admin.

Magnotta
Former Team Member
Posts: 1093
Joined: Fri Oct 17, 2003 4:16 am
Location: Ontario

Post by Magnotta » Sun May 29, 2005 6:49 pm

Shantra wrote: Yes, it has to be a person I trust. But is there any way that the person can access the database or anything critical (besides phpBB)?

Yes, he can access the database. Simply go to the backup database part in the admin panel. Afterwards, they can make whatever changes they want, and then simply apply them by going to the restore database page and uploading their newly changed database file. See, it's easier than thought.

drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE

Post by drathbun » Sun May 29, 2005 7:34 pm

The question becomes... what does this person truly need to be able to do? You realize that they can access any user data, change any user passwords, delete any content, ban anyone, send out mass emails... there are more than a few things that the admin can do that I would hesitate to pass on to another person.
I blog about phpBB: phpBBDoctor blog

Shantra
Registered User
Posts: 59
Joined: Thu Jul 05, 2001 8:42 pm
Location: Norway

Post by Shantra » Sun May 29, 2005 7:49 pm

Looks like I'm not going to give away admin rights after all, it's too dangerous :) Thank you very much for your help!

nuckfan15
Registered User
Posts: 1849
Joined: Fri Jul 09, 2004 4:46 am
Location: Vancouver, BC
Name: Travis

Post by nuckfan15 » Sun May 29, 2005 8:01 pm

Shantra wrote: Looks like I'm not going to give away admin rights after all, it's too dangerous :) Thank you very much for your help!


We're not saying don't give admin rights. Don't do it unless you want to. If someone happens to screw up your board, simply restore a backup.

Always make backups and you will be ok in the end.
Travis aka Nuckfan15 - No Private Support
Make use of the Support Request Template when seeking support.

Arty
Former Team Member
Posts: 16654
Joined: Wed Mar 06, 2002 2:36 pm
Name: Vjacheslav Trushkin

Post by Arty » Sun May 29, 2005 10:50 pm

Blankety Blank Man wrote: Just giving someone admin powers won't give them direct access to the database. They would need to log into the database with something like phpMyAdmin first.

Nope. Admin can run any SQL queries without using any external tools. That's what the "restore database" function is for. Simply upload any SQL file instead of a database backup and those queries will be executed.
Vjacheslav Trushkin / Arty.
Free phpBB 3.1 styles | New project: Iconify - modern SVG framework
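
Because the restore page executes whatever SQL the uploaded file contains, as the posts above describe, a restore file is worth reviewing before it is applied. The following is an added example, not part of the original thread and not phpBB code: a Python sketch that flags statements that are not plain table-dump statements or that touch tables outside the board's prefix. The `phpbb_` prefix, the function names and the sample file are assumptions made for the illustration.

```python
import re

# Statement shapes a plain table dump is assumed to contain (assumption of this sketch).
BACKUP_STMT = re.compile(
    r"^(?:CREATE\s+TABLE|DROP\s+TABLE(?:\s+IF\s+EXISTS)?|INSERT\s+INTO)\s+`?(\w+)",
    re.IGNORECASE,
)

def split_statements(sql):
    """Split on ';' outside single-quoted strings, dropping '#' and '--' comment lines."""
    text = "\n".join(l for l in sql.splitlines()
                     if not l.lstrip().startswith(("#", "--")))
    stmts, buf, in_str, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if in_str and ch == "\\":        # keep a backslash-escaped character as-is
            buf.append(text[i:i + 2])
            i += 2
            continue
        if ch == "'":
            in_str = not in_str          # '' inside a string toggles twice, state holds
        if ch == ";" and not in_str:
            stmts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    stmts.append("".join(buf).strip())
    return [s for s in stmts if s]

def review_restore_file(sql, prefix="phpbb_"):
    """Return (statement number, reason, excerpt) for everything needing a human look."""
    findings = []
    for n, stmt in enumerate(split_statements(sql), 1):
        m = BACKUP_STMT.match(stmt)
        if not m:
            findings.append((n, "unexpected statement type", stmt[:60]))
        elif not m.group(1).lower().startswith(prefix):
            findings.append((n, "table outside board prefix", stmt[:60]))
    return findings

# Constructed sample restore file, not taken from a real board.
SAMPLE = """\
# constructed backup header comment
DROP TABLE IF EXISTS phpbb_config;
CREATE TABLE phpbb_config (config_name varchar(255), config_value varchar(255));
INSERT INTO phpbb_config VALUES ('sitename', 'My board; test');
UPDATE phpbb_config SET config_value = 'x' WHERE config_name = 'sitename';
INSERT INTO other_app_settings VALUES ('k', 'v');
"""

if __name__ == "__main__":
    for finding in review_restore_file(SAMPLE):
        print(finding)
```

The check looks at statement shape only and does not judge row contents, so it supplements limiting who holds admin rights rather than replacing it.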

BiDoU
Registered User
Posts: 1
Joined: Sun Dec 21, 2003 5:27 am

Post by BiDoU » Sun May 29, 2005 11:32 pm

As well, if a person has the administrator right on your board, he can download the database and do anything with it, like obtain the md5 encrypted password of all users of your board, and you can guess what can happen after that...

Some people use the same password for a discussion board and a Hotmail account...

Don't give admin rights to someone who can do damage to your board and to the users of your board...

:)
