DB-005 critical general

App user cannot DROP DATABASE

Application database user must not have DROP privilege. Verify via SHOW GRANTS output.

Question to ask

"Could a SQL injection bug wipe your entire database?"

Verification guide

Severity: Critical

This is a guided manual check.

Prompt user:

Please provide the SHOW GRANTS output for the application database user.

For PostgreSQL: \du app_user or check pg_roles

For MySQL: SHOW GRANTS FOR 'app_user'@'%';

Verify:

  • No DROP privilege at database level
  • No ALL PRIVILEGES at database level
  • Ideally limited to: SELECT, INSERT, UPDATE, DELETE on specific tables

Pass criteria:

  • App user cannot DROP DATABASE
  • Permissions are scoped to necessary operations only

Fail criteria:

  • DROP privilege exists
  • ALL PRIVILEGES granted at database level
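
The pass and fail criteria above, applied to pasted MySQL SHOW GRANTS output, as an added example that is not part of the original checklist. The names audit_grants and scope_of, the sample grants, and the extra "review" verdict (for role grants and anything beyond the ideal privilege set) are assumptions of this sketch; PostgreSQL output is not covered.

```python
import re

# Privileges the check names as the ideal application set; USAGE means "no privileges".
IDEAL = {"SELECT", "INSERT", "UPDATE", "DELETE", "USAGE"}
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?:(?:TABLE|FUNCTION|PROCEDURE)\s+)?"
    r"(?P<obj>\S+)\s+TO\s+", re.IGNORECASE)

# Constructed sample, not taken from a real system.
SAMPLE = """\
GRANT USAGE ON *.* TO `app_user`@`%`
GRANT SELECT (`id`, `email`), UPDATE ON `shop`.`customers` TO `app_user`@`%`
GRANT ALL PRIVILEGES ON `shop`.* TO `app_user`@`%`
"""


def scope_of(obj):
    """*.* is global, db.* is database level, anything else is a single object."""
    if obj == "*.*":
        return "global"
    return "database" if obj.endswith(".*") else "object"


def audit_grants(text):
    """Return (verdict, findings) for pasted MySQL SHOW GRANTS output."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip().strip("|").strip()  # tolerate mysql client table borders
        if not line.upper().startswith("GRANT "):
            continue  # header row, border or blank line
        m = GRANT_RE.match(line)
        if not m:
            # No ON clause: a role grant, whose own privileges need the same audit.
            findings.append(("review", "role", line))
            continue
        # Drop column lists such as SELECT (`id`, `email`) before splitting on commas.
        privs = {p.strip().upper()
                 for p in re.sub(r"\([^)]*\)", "", m["privs"]).split(",")}
        scope = scope_of(m["obj"])
        if privs & {"DROP", "ALL", "ALL PRIVILEGES"}:
            findings.append(("fail", scope, line))
        elif privs - IDEAL or (scope != "object" and privs != {"USAGE"}):
            findings.append(("review", scope, line))
    levels = {f[0] for f in findings}
    verdict = "fail" if "fail" in levels else "review" if "review" in levels else "pass"
    return verdict, findings


if __name__ == "__main__":
    print(audit_grants(SAMPLE))
```

The findings list keeps each offending GRANT line verbatim, so it can be stored alongside the raw output as evidence.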

Evidence to capture:

  • GRANTS output for app user
  • Confirmation of restricted permissions

Cross-reference with:

  • DB-004 (should be one of the documented users)

Section

05. Database & Connections

Database & Data