2

As part of the Symfony set up, I need to perform this task:

php app/console doctrine:schema:update --force

Which fails if the user I specify in app/config/parameters.ini does not have all privileges. Fair enough, because if you want to update the schema, you would need sufficient privileges to be able to restricted operations such as dropping/ altering tables.

However, what concerns me is that in regular usage of the app, this same database user is also going to be used. I see this as a security vulnerability.

How should I avoid this?

--

Extra info:

Symfony 2 : multiple and dynamic database connection

This question shows me how I can specify multiple databases for Symfony to use. Would this be of use to me? I don't really need to be able to switch between databases, but just be able to specify that the app, when running uses a restricted user; however, in systems administration time, I need to be able to use root privilege.

Community
  • 1
  • 1
bguiz
  • 27,371
  • 47
  • 154
  • 243

1 Answers1

2

In config.yml, use the root user. This will work from the console and from dev mode.

    doctrine:
          dbal:
             driver:   %database_driver%
             host:     %database_host%
             port:     %database_port%
             dbname:   %database_name%
             user:     root
             password: pw
             charset:  UTF8

In config_prod.yml, add that same block of config but change the username/password. Then, when the app is running in production mode, it will use the less-privileged user.

Lusitanian
  • 11,012
  • 1
  • 41
  • 38