-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to change Database prefix in Installation Process #631
Comments
Not the same, but at least similar to #527 |
|
The problem is, that some table names already reach the 30 char limit of one of the supported DBMS with the 3 character prefix. So if an option is added, it can only be 3 characters long. However, the best practice advice is to use one database per installation, then you don't need to change the prefix. So I will close this, since oc/nc is handled in #527 and the other thing can not be fixed. |
but what is with a user defined option? if the User know that his database had not this limit it would be the best if he could change it on the start and not write a long alter script |
why would you even want to change it, it's only 3 characters somewhere in your backup, nothing you really should care about. |
if there is a SQL Injection, the hacker must not guess the prefix of the tables and can run Scripts without further research |
This would not really enhance the security. You can get table names very easily by executing an additional query. Afterwards you can extract the table prefix and you're done. For someone, who already managed to get SQL access to your database, this would be no hurdle. |
So why do we need the prefix at all? You can only manually modify the prefix of the table names and then change the |
Well it's hard to remove it and also hard to fully implement it, which is why we are stuck in the current situation. |
It would be very good if the Table Prefix for the database could be changed in the Installation Process.
The best practice would be some random nonce per default.
Currently:
oc_%tablename%
Best Practice
oc%random_nonce%_%tablename%
or user definedThe text was updated successfully, but these errors were encountered: