Page 1 of 2

How dangerous is it to give Admin rights?

Posted: Sun May 29, 2005 2:14 pm
by Shantra
I am forced to give Admin rights to a member (looks trustable), but how dangerous is it? I know he can delete/edit forums and members.

I plan to make a cron job that takes a daily backup of the database. BTW, do you know of a good backup script?

Posted: Sun May 29, 2005 2:33 pm
by Darth Wong
Someone with admin rights can do virtually anything he wants to your board. You should only give such rights to someone you find trustworthy.

Posted: Sun May 29, 2005 2:51 pm
by *Bubbles*
why are you FORCED to give them rights? ^ as darth said "You should only give such rights to someone you find trustworthy" as they can do virtually anything...

Posted: Sun May 29, 2005 2:59 pm
by Lyrikal_J
^ i agree

If you dont trust them... Dont give it...

Even if you got a 'little' bad feeling about it..

any1 can 'look' trustable.. :)

Posted: Sun May 29, 2005 4:15 pm
by Shantra
Yes it it has to be a person I trust. But, is there anyway that the person can access the database or anything critical (beside phpBB)?

Posted: Sun May 29, 2005 4:39 pm
by Pezzoni
If you don't trust them implicitly, then don't give it to them. It sounds like you don't trust this person, and therefore they shouldn't be given admin rights.

Posted: Sun May 29, 2005 5:13 pm
by Shantra
100% trust is difficult, yes, but that's why I am planning to do daily cackups, just in case.

So, even by doing this (backup), you wouldn't give a person admin status?

Posted: Sun May 29, 2005 5:22 pm
by andrewb
You should ask yourself two questions:

- Do I trust this person enough to give him the same power as me?

- Does this person need to be an admin?

If 'yes' to both, then you should be fine.

Posted: Sun May 29, 2005 6:41 pm
by Blankety Blank Man
just giving someone adin powrs won't give them direct access to the database. they would need to log into the database with something like phpMyAdmin first.

as for how much damage they could do, you could try using the Junior Admin mod. I can't remember where it is, but try poking around for it. It will let you give them what powers you want them to have, but not all the powers of admin

Posted: Sun May 29, 2005 6:49 pm
by Magnotta
Shantra wrote: Yes it it has to be a person I trust. But, is there anyway that the person can access the database or anything critical (beside phpBB)?


Yes he can access the database. Simply go to the backup database part in the admin panel. Afterwards, they can make whatever changes they want, and then simply apply them by going to tghe restore database page and uploading their newly changed database file. See, it's easier than thought.

Posted: Sun May 29, 2005 7:34 pm
by drathbun
The question becomes... what does this person truly need to be able to do? You realize that they can access any user data, change any user passwords, delete any content, ban anyone, send out mass emails... there are more than a few things that the admin can do that I would hesitate to pass on to another person.

Posted: Sun May 29, 2005 7:49 pm
by Shantra
Looks like I'm not going to give away admin rights after all, it's too dangerous :) Thank you very much for your help!

Posted: Sun May 29, 2005 8:01 pm
by nuckfan15
Shantra wrote: Looks like I'm not going to give away admin rights after all, it's too dangerous :) Thank you very much for your help!


Were not saying dont give admin rights. Dont do it unless you want too. If someone happens to screw up your board, simply restore a backup.

Always make backups and you will be ok in the end.

Posted: Sun May 29, 2005 10:50 pm
by Arty
Blankety Blank Man wrote: just giving someone adin powrs won't give them direct access to the database. they would need to log into the database with something like phpMyAdmin first.

Nope. Admin can run any sql queries without using any external tools. That's what "restore database" function is for. Simply upload any sql file instead of database backup and those queries will be executed.

Posted: Sun May 29, 2005 11:32 pm
by BiDoU
As well, if a person has the administrator right on your board, he can download the database, and do anything with it, like obtain the md5 encrypted password of all users of your board and you can guest what can happen after that...

Some people use the same password for a discussion board and an hotmail account...


Don't give admin right to someone can do damage to your board and to the users of your board...

:)