How dangerous is it to give Admin rights?

[Shantra]

I am forced to give Admin rights to a member (looks trustable), but how dangerous is it? I know he can delete/edit forums and members.

I plan to make a cron job that takes a daily backup of the database. BTW, do you know of a good backup script?

[Darth Wong]

Someone with admin rights can do virtually anything he wants to your board. You should only give such rights to someone you find trustworthy.

[*Bubbles*]

why are you FORCED to give them rights? ^ as darth said "You should only give such rights to someone you find trustworthy" as they can do virtually anything...

[Lyrikal_J]

^ i agree

If you dont trust them... Dont give it...

Even if you got a 'little' bad feeling about it..

any1 can 'look' trustable..

[Shantra]

Yes it it has to be a person I trust. But, is there anyway that the person can access the database or anything critical (beside phpBB)?

[Pezzoni]

If you don't trust them implicitly, then don't give it to them. It sounds like you don't trust this person, and therefore they shouldn't be given admin rights.

[Shantra]

100% trust is difficult, yes, but that's why I am planning to do daily cackups, just in case.

So, even by doing this (backup), you wouldn't give a person admin status?

[andrewb]

You should ask yourself two questions:

- Do I trust this person enough to give him the same power as me?

- Does this person need to be an admin?

If 'yes' to both, then you should be fine.

[Blankety Blank Man]

just giving someone adin powrs won't give them direct access to the database. they would need to log into the database with something like phpMyAdmin first.

as for how much damage they could do, you could try using the Junior Admin mod. I can't remember where it is, but try poking around for it. It will let you give them what powers you want them to have, but not all the powers of admin

[Magnotta]

Yes it it has to be a person I trust. But, is there anyway that the person can access the database or anything critical (beside phpBB)?

Yes he can access the database. Simply go to the backup database part in the admin panel. Afterwards, they can make whatever changes they want, and then simply apply them by going to tghe restore database page and uploading their newly changed database file. See, it's easier than thought.

[drathbun]

The question becomes... what does this person truly need to be able to do? You realize that they can access any user data, change any user passwords, delete any content, ban anyone, send out mass emails... there are more than a few things that the admin can do that I would hesitate to pass on to another person.

[Shantra]

Looks like I'm not going to give away admin rights after all, it's too dangerous Thank you very much for your help!

[nuckfan15]

Looks like I'm not going to give away admin rights after all, it's too dangerous Thank you very much for your help!

Were not saying dont give admin rights. Dont do it unless you want too. If someone happens to screw up your board, simply restore a backup.

Always make backups and you will be ok in the end.

[Arty]

just giving someone adin powrs won't give them direct access to the database. they would need to log into the database with something like phpMyAdmin first.

Nope. Admin can run any sql queries without using any external tools. That's what "restore database" function is for. Simply upload any sql file instead of database backup and those queries will be executed.

[BiDoU]

As well, if a person has the administrator right on your board, he can download the database, and do anything with it, like obtain the md5 encrypted password of all users of your board and you can guest what can happen after that...

Some people use the same password for a discussion board and an hotmail account...


Don't give admin right to someone can do damage to your board and to the users of your board...