[Plugin: Snapshot Backup] Security and compression

  • Resolved jtheory

    (@jtheory)


    12 years, 9 months ago

    Thanks for the plugin! This is close to what I need, but has a few serious issues that will fortunately be easy to fix.

    1. Backups should not be publicly available: currently the latest backup is freely-downloadable in the uploads directory by anyone who can guess the filename… which isn’t hard, since it’s just a timestamp. It’s easy for a cracker to write a script to try the 1440 possibilities in a given day, and that’s that.
    2. Don’t leave tar files uncompressed: a tar file has no compression at all – but it’s easy to make tar.gz (or name them .tgz) files instead by just including “z” in your tar options to gzip the tarball.

    https://www.ads-software.com/extend/plugins/snapshot-backup/

Viewing 1 replies (of 1 total)
  • Plugin Author Jay Versluis

    (@versluis)

    Hi jtheory,

    Those are two very good points indeed. I’m now sure though where else to save the latest local snapshot – it needs to be accessible otherwise people won’t be able to download it via the web. I’m happy to add a delete option though once the snapshot has moved to the FTP repo.

    I want to make compression an option too, it’s been requested several times before. Next time I get round to an update those points will be addressed. Can’t promise when that will be though…

    There is a plugin that has all this built in though: check out https://backwpup.com

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: Snapshot Backup] Security and compression’ is closed to new replies.