sql injection - MODX Community Forums https://forums.modx.com/thread/?thread=86745
Re: sql injection https://forums.modx.com/thread/86745/sql-injection#dis-post-478111
SELECT, INSERT, UPDATE, DELETE for data, CREATE, ALTER, INDEX, DROP for tables, and possibly CREATE TEMPORARY TABLES.

2. We certainly expect so! You should subscribe to the notices newsletter just in case, though. http://forums.modx.com/thread/251/security-notice-subscription-options#dis-post-1649
sottwell Sep 18, 2013, 03:06 PM https://forums.modx.com/thread/86745/sql-injection#dis-post-478111
Re: sql injection https://forums.modx.com/thread/86745/sql-injection#dis-post-478085
  • and is it necessary to give all the permissions in MySQL to run MODX?
  • thanks. If I use snippets and plugins from modx-site, then there will be no problem?
    tomvanminnebruggen Sep 18, 2013, 11:51 AM https://forums.modx.com/thread/86745/sql-injection#dis-post-478085
    Re: sql injection https://forums.modx.com/thread/86745/sql-injection#dis-post-478084
    2. Yes, with the caution that it is possible to write snippets and plugins with PHP code that itself is not secure. For that reason, Evo has the option of preventing Manager users from using the @EVAL feature of TVs.
    sottwell Sep 18, 2013, 11:41 AM https://forums.modx.com/thread/86745/sql-injection#dis-post-478084
    sql injection https://forums.modx.com/thread/86745/sql-injection#dis-post-478082
    The database user of the database in phpMyAdmin has full rights in phpMyAdmin (alter, create routine, drop, index, lock tables, select, update, delete, execute, ...)

    2 questions:

    1. Is it necessary to give the database user all these rights to install MODX, ...
    2. Is MODX Evolution protected against SQL injection?

    thanks
    tomvanminnebruggen Sep 18, 2013, 11:12 AM https://forums.modx.com/thread/86745/sql-injection#dis-post-478082