0

We run a Joomla 5 website on a professionally managed server.
On our production environment, the MySQL account used by Joomla has intentionally limited privileges — only SELECT, INSERT, UPDATE, DELETE — following the principle of least privilege.
All Joomla and extension updates are performed exclusively on a staging/qualification machine, never directly on production.

However, the Smart Search (com_finder) component appears to issue ALTER TABLE commands on its own tables during index rebuilding.
This effectively forces us to grant the ALTER privilege to the Joomla database user permanently, which we want to avoid for obvious security reasons.

Questions:

  1. Is it normal that com_finder needs to run ALTER TABLE statements during normal operation?
  2. Is there any configuration option or “safe mode” to rebuild or use the index without modifying the database structure?
  3. If not, is this considered a bug or simply a design choice?
  4. Is there any roadmap or open issue to better separate schema-modifying privileges (ALTER, CREATE, DROP) from regular runtime operation?

This behavior makes Joomla difficult to deploy in professional or audited environments where database privileges are strictly controlled.
Other CMSs (e.g. WordPress, Drupal) can operate in production without ALTER permissions — could Joomla move in that direction?

Thanks in advance for any insights or official clarification!

Environment:
Joomla 5.x, PHP 8.2, MySQL 8.0, Smart Search enabled.

Improve this question

1 Answer 1

Reset to default
1

I have had a look at the code for com_finder and it would appear that you don't have any opportunity or setting that can disable the use of the ALTER command. An issue would have to be raised to have the core code changed to be able to control or disable the behaviour.

ALTER is only used in one method, toggleTables, in ../administrator/components/com_finder/src/Indexer/Indexer.php of com_finder and its purpose is to switch two tables, #_finder_tokens and #__finder_tokens_aggregate, between memory and disk during indexing.

 // Set the tokens table to Memory. $db->setQuery('ALTER TABLE ' . $db->quoteName('#__finder_tokens') . ' ENGINE = MEMORY'); $db->execute(); // Set the tokens aggregate table to Memory. $db->setQuery('ALTER TABLE ' . $db->quoteName('#__finder_tokens_aggregate') . ' ENGINE = MEMORY'); $db->execute();

The toggleTables method is called from other methods in the Indexer based upon memory limits and thresholds as to whether the table should be on disk or in memory, e.g.

 // Check if we're approaching the memory limit of the token table. if ($count > static::$state->options->get('memory_table_limit', 30000)) { $this->toggleTables(false); }

The change would need to be made around here at the start of the toggleTables method where checking is done to determine if in memory tables are supported, in this case anything other than mysql is not, and prevent further processing. A check could be done on whether the ALTER privilege is available and bypass processing if it is not.

protected function toggleTables($memory) { static $supported = true; if (!$supported) { return true; } if (strtolower($this->db->getServerType()) != 'mysql') { $supported = false; return true; }

You can find all this in ../administrator/components/com_finder/src/Indexer/Indexer.php

Improve this answer
1
  • Thanks a lot for taking the time to look into the core code and for pointing me to the toggleTables() implementation. This confirms what I was afraid of: there is currently no configuration option to prevent com_finder from issuing ALTER. I am afraid that people who are in charge of our web/mysql servers will not agree with that. I'll open an issue on the Joomla CMS GitHub repository and we will see... Thanks again for the detailed pointers! Commented Nov 19 at 13:39

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.