MyBB Community Forums Extensions Plugins Plugin Releases v
[For 1.6] MySquirrel

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
[For 1.6] MySquirrel
Paul H. Away

Former Staff
Posts: 8,510
Threads: 386
Joined: Feb 2011
Reputation: 279
#1
2011-12-02, 09:15 PM
MySquirrel allows you to execute MySQL queries from the ACP.

To access: ACP>Tools & Maintenance>MySquirrel

Mods site: http://mods.mybb.com/view/mysquirrel

Version: 1.0
-Paul H.

Cogisne lingua latina?
Find
Reply
Andre R. Offline

Big Board Owner
Posts: 1,001
Threads: 187
Joined: Aug 2010
Reputation: 16
#2
2011-12-02, 09:16 PM
This is brilliant! Great name too, i will try this immediately.
[Image: mybbsig.php]
Website Find
Reply
pavemen Offline

Former Staff
Posts: 4,846
Threads: 180
Joined: May 2007
Reputation: 254
#3
2011-12-02, 09:28 PM
I would highly suggest that you create a list of disallowed query actions, or at least add major confirmation of those actions.

DELETE, DROP, ALTER, GRANT, etc should not be allowed or not allowed without confirmation.
Lost interest, sold my sites, will browse here once in a while. It's been fun.
Find
Reply
Solidus Offline

Big Board Owner
Posts: 2,440
Threads: 73
Joined: May 2010
Reputation: 66
#4
2011-12-02, 10:51 PM
I second what pavement posted, I need to run an ALTER query nearly every day. I'll use this when security is enhanced.
[Image: hdoE.png]
m1ne.net - coming soon
Website Find
Reply
Paul H. Away

Former Staff
Posts: 8,510
Threads: 386
Joined: Feb 2011
Reputation: 279
#5
2011-12-02, 11:11 PM
(2011-12-02, 09:28 PM)pavemen Wrote: I would highly suggest that you create a list of disallowed query actions, or at least add major confirmation of those actions.

DELETE, DROP, ALTER, GRANT, etc should not be allowed or not allowed without confirmation.

That's actaully in planning for the next version. Which will come out in a day or so. Non-super admins will not be able to run those queries.
-Paul H.

Cogisne lingua latina?
Find
Reply
pavemen Offline

Former Staff
Posts: 4,846
Threads: 180
Joined: May 2007
Reputation: 254
#6
2011-12-02, 11:20 PM
I would still throw a verification in there, perhaps an AJAX validation like with usernames during registration. Have it as an option if you think that would be better, something like "prompt on dangerous queries".
Lost interest, sold my sites, will browse here once in a while. It's been fun.
Find
Reply
TheGarfield Offline
Posts: 866
Threads: 101
Joined: May 2011
Reputation: 56
#7
2011-12-03, 12:49 AM
This isn't a good plugin,

Try this:

DROP DATABASE();

You'd be surprised... Well there's no need to report bugs that are in Admin CP anymore since with this plugin you can do whatever you want... delete / insert / update / drop...
Rasmus Lerdorf Wrote:If eval() is the answer, you're almost certainly asking the wrong question. - Rasmus Lerdorf
Find
Reply
Paul H. Away

Former Staff
Posts: 8,510
Threads: 386
Joined: Feb 2011
Reputation: 279
#8
2011-12-03, 01:06 AM
Read the above posts.
-Paul H.

Cogisne lingua latina?
Find
Reply
TheGarfield Offline
Posts: 866
Threads: 101
Joined: May 2011
Reputation: 56
#9
2011-12-03, 01:13 AM
No I mean the whole idea is bad... Some newbies add some other people as co-admins that have same privileges besides managing settings etc...
With this plugin anyone who accesses the Admin CP can do it all
Rasmus Lerdorf Wrote:If eval() is the answer, you're almost certainly asking the wrong question. - Rasmus Lerdorf
Find
Reply
Omar G. Offline

Development
Posts: 9,905
Threads: 399
Joined: Jan 2010
Reputation: 548
#10
2011-12-03, 01:20 AM
(2011-12-03, 01:13 AM)TheGarfield Wrote: No I mean the whole idea is bad... Some newbies add some other people as co-admins that have same privileges besides managing settings etc...
With this plugin anyone who accesses the Admin CP can do it all

He already mentioned that in future versions the plugin will allow only super admins to use the tool, and it will include better security.

Otherwise, it is a non-recommended plugin imo.
Soporte en Español

[Image: signature.png]

Discord at omar.gonzalez (Omar G.#6117); Telegram at @omarugc;
Website Find
Reply


Forum Jump:


Users browsing this thread: 7 Guest(s)