We are running a WordPress site and one of the plug-ins requires drop permission on the database. (We currently do not grant drop permission and have not needed to for any other plug-ins.)
Is there a security concern if I grant the public connection/user drop privileges?
The plug-in in question is simplepress and we receive an error asking for drop permissions:
[DROP command denied to user xxxxxxx for table ‘wp_sfwaiting’] TRUNCATE wp-sfwaiting
Mysql
changed in that it requiresDROP
permission since 5.1.16:Check it here.
Truncate
is often used as a fast table clear option (as recommended byMySQL
themselves). It should be changed todelete from <table>
by that plugin programmer to get away only with theDELETE
permission.Until that you may grant drop only for that specific table..