Possible Major Security Flaw — AWS S3

  • Resolved mountainguy2

    (@mountainguy2)


    9 years ago

    Hello, I bought the premium version and spent some time setting up timed backups that go off site to Amazon S3.

    Then I notice that when I go to the Updraft/Settings the Amazon S3 Access Key and Secret Key information is sitting there in plain view! I repeat, this incredibly important information is not obscured! Thus, if a site was hacked and a criminal gained admin access, they would also gain access to my Amazon S3 account, where I keep all sorts of backups and sensitive files !?

    What is more, in a group work environment, all workers with admin access to the WordPress site can drop into the Updraft settings and obtain the S3 access info.

    Is this true? If so, I stand amazed and would ask if there is any sort of workaround that would keep the S3 information private.

    Am I missing something here?

    Thanks, MTN

    https://www.ads-software.com/plugins/updraftplus/

Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Possible Major Security Flaw — AWS S3’ is closed to new replies.