Lock tables


This feature has been developed to prevent unauthorized changes to the most important tables of Joomla! core (and also of third-party extensions) by using database triggers. It is intended especially for sites where changes are infrequent and there is no user interaction (for example, one-page templates). It is especially useful on sites built by webmasters and not maintained by the customers (those sites are especially attractive to hackers).

One of the most dangerous situations we can find in Joomla! comes from unauthorized changes to the database; these allow attackers to create or modify users or to inject malicious payloads into content, enabling cross-site scripting attacks.

For example, suppose that we have an article in our website:

If someone gains access to our database, they could modify the article's content to add a malicious payload, for instance to show an alert:

Using this feature we create triggers on certain Joomla! tables (users, user_usergroup_map, content, redirect_links and extensions) that won't allow changes to those tables. After applying it, anyone who tries to modify the article's content will get an error message:

Take note that no changes will be allowed into users, group membership or content EVEN IF YOUR ACCOUNT IS A SUPER USER ACCOUNT.

Important: certain changes in the users and content tables are allowed to avoid making the site unusable, as certain parameters are updated even when visiting an article or when someone logs into the site.
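
As an added illustration (not the extension's own trigger code), this MySQL/MariaDB example shows how triggers on the content table can reject changes while still letting the view counter update. The `jos_` table prefix, the trigger names, the error texts and the choice of protected columns are assumptions.

```sql
-- Added example, not the extension's code.
-- Assumed: table prefix `jos_`, hypothetical trigger names and messages.
DELIMITER $$

-- Refuse any UPDATE that alters a protected column. Columns not listed
-- here (for example `hits`, which changes on every page view) stay writable.
CREATE TRIGGER example_lock_content_update
BEFORE UPDATE ON jos_content
FOR EACH ROW
BEGIN
    -- <=> is the NULL-safe comparison, so NULL-to-NULL counts as unchanged
    IF NOT (NEW.title       <=> OLD.title
        AND NEW.alias       <=> OLD.alias
        AND NEW.introtext   <=> OLD.introtext
        AND NEW.`fulltext`  <=> OLD.`fulltext`
        AND NEW.state       <=> OLD.state
        AND NEW.access      <=> OLD.access
        AND NEW.created_by  <=> OLD.created_by) THEN
        SIGNAL SQLSTATE '45000'
            SET MESSAGE_TEXT = 'Table locked: article changes are not allowed';
    END IF;
END$$

-- Refuse new rows, so no article can be added while the lock is active.
CREATE TRIGGER example_lock_content_insert
BEFORE INSERT ON jos_content
FOR EACH ROW
BEGIN
    SIGNAL SQLSTATE '45000'
        SET MESSAGE_TEXT = 'Table locked: new articles are not allowed';
END$$

DELIMITER ;

-- View-counter update: touches no protected column.
UPDATE jos_content SET hits = hits + 1 WHERE id = 1;

-- Content change: alters `introtext`, so the update trigger raises the SIGNAL.
UPDATE jos_content SET introtext = '<p>changed</p>' WHERE id = 1;

-- List the triggers currently defined on the table.
SHOW TRIGGERS LIKE 'jos_content';
```

Because the triggers run inside the database server, they apply to every client that writes to the table, whether the change comes through Joomla! or directly through a database connection.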

To make changes, just disable this feature, make the changes and enable the feature again.

If for some reason you get issues after applying this feature, you can disable it using phpMyAdmin. Look for the database and go to the "Triggers" tab; select all triggers listed and click on the "Drop" button.

This feature is based on previous work by Mateo González Fernández.