Author Topic: Security Concerns  (Read 2035 times)

carcam

Security Concerns
« on: September 17, 2009, 03:32:18 am »
Hi to all, I am not a web security expert, but I am really concerned about this issue and I have some questions and ideas about it.

Recently I have performed an Opengoo hosting migration, and I could download the backup package directly from my server using wget. The point is that the backup package name is generic, so if I don't remove the backup files after their creation, everyone with a minimum knowledge about Opengoo could get my backups. This is a real problem when the backup file contains the DB and the files on the server. I think that this issue could be solved with one (or both) of these simple actions:

1) Adding a password to the files (This would really make the point)
2) Asking the opengoo Administrator for a different backup filename.

What do you think?
Gnumla
Your Joomla! site in Spanish

koko

Re: Security Concerns
« Reply #1 on: September 17, 2009, 05:38:45 am »
Hi,

Indeed, I agree this would be very nice!!
Isn't this just an option in the script? (password on the zip)

carcam

Re: Security Concerns
« Reply #2 on: September 20, 2009, 11:02:27 am »
Hi,

> Indeed, I agree this would be very nice!!
> Isn't this just an option in the script? (password on the zip)

I have not found the password on the zip option in the script.

By the way, after reading the plugin notes again, I have found a way to change the directory and the name of the backup file, but as this configuration has to be done on the config.php file, I still think the system is pretty insecure.

I think I'll post a feature request  ;). Thanks for your help.
Gnumla
Your Joomla! site in Spanish
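
Added example, not part of the original thread and not Opengoo code: a shell sketch of the clean-up the first post describes, which finds backup archives left under the web root and moves them to a private directory under an unguessable name. The web root and vault paths and the list of file extensions are assumptions, since the thread does not give the plugin's actual backup file name.

```shell
#!/bin/sh
# Added example: audit a web root for backup archives and move them out of it.
# Paths are passed in by the caller; the extension list is an assumption.

# List archive and dump files under the web root (candidates for direct download).
find_exposed_backups() {
    find "$1" -type f \( -name '*.zip' -o -name '*.tar' -o -name '*.tar.gz' \
        -o -name '*.tgz' -o -name '*.sql' -o -name '*.sql.gz' \) -print
}

# Move each one to a directory outside the web root, under a random name,
# readable only by the owner. Prints the new path of every file moved.
# Does not resolve symlinks or relative paths; pass absolute paths.
quarantine_backups() {
    webroot=${1%/}
    vault=${2%/}
    # Refuse a vault that is the web root itself or lives inside it.
    case "$vault/" in
        "$webroot"/*) echo "vault must be outside the web root" >&2; return 1 ;;
    esac
    mkdir -p "$vault" && chmod 700 "$vault" || return 1
    find_exposed_backups "$webroot" | while IFS= read -r f; do
        # 128 random bits so the stored name cannot be guessed.
        token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
        dest="$vault/$(date +%Y%m%d)-$token-$(basename "$f")"
        mv -- "$f" "$dest" && chmod 600 "$dest" && printf '%s\n' "$dest"
    done
}
```

Run from cron after each backup job, this keeps the archive off any URL; a random name alone, as in option 2 of the first post, still leaves the file downloadable to anyone who learns the name.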