Upgraded phpmyadmin to 4.0.4 (All Languages) - No modifications yet

[openemr.git] / Documentation / privileged_db / priv_db_HOWTO.txt

By default, OpenEMR is configured to use the same database account information all the time which has full access to all tables.  Thus if that account is compromised (through SQL Injection as an example) modification can be made to anything.

The concept behind privDB is to allow a separate user that can be used for more “privileged operations” (such as modifying passwords) so the MySQL credentials for routine operations do  not need access.

After creating a privileged user and revoking permissions for the default user, the file sites/<sitename>/secure_sqlconf.php is used to specify the details of the privileged user.

It is not recommended that you make this change unless you are comfortable with MySQL administration.  In addition, the 'openemr' user no longer has full permissions, so when patching/upgrading the .SQL schema, the user defined in sites/<sitename>sqlconf.php will need to be modified to use a more privileged account (e.g. root, or a “secure” whose creation is being described below.).

Configuration of the privileged user should not be done with phpMyAdmin and is best done with a tool such a MySQL Workbench or with the mysql command-line tool with root db access. This is because you would be trying to change the permissions of the account phpMyAdmin is logged in with and are likely to encounter problem as a result. 

In this description “openemr” is the MySQL username and 'secure' is the login to be created that has “full permissions.”

Manage the Database Users 
        an example script is provided in:Documentation/privileged_db/example_user_permissions” 
1. Revoke “ALL” privileges for “openemr” by executing this command
        revoke all on openemr.* FROM 'openemr'@'localhost';
2. Explicitly grant permissions to each table individually by executing statements like this:
        GRANT ALL ON openemr.addresses to 'openemr'@'localhost';
        GRANT ALL ON openemr.amc_misc_data to 'openemr'@'localhost';
        ...
    every table needs to be specified except for those tables that you wish to restrict access to (e.g. users_secure).
3. Create the secure user.
        CREATE USER 'secure'@'localhost' identified by 'securepassword'
4. Grant the secure user full permissions (or a subset of your choosing, access to users and users_secure are required at a minimum at present.
        GRANT ALL on openemr.* to 'secure'@'localhost'


Update the OpenEMR files
1. create sites/<sitename>/secure_sqlconf.php
2. see example in Documentation/privileged_db/secure_sqlconf.php for reference

If you are having problems and want to “revert” delete the secure_sqlconf.php file and execute
        GRANT ALL on openemr.* to 'openemr'@'localhost'