[PHPBB3-15928] Remove support for downloading backups

Discuss requests for comments/changes posted in the Issue Tracker for the development of phpBB. Upcoming releases are 3.2/Rhea and 3.3.
v3d
Registered User
Posts: 4
Joined: Tue Jan 08, 2019 8:42 am

[PHPBB3-15928] Remove support for downloading backups

Post by v3d » Tue Jan 08, 2019 8:57 am

https://tracker.phpbb.com/browse/PHPBB3-15928

https://github.com/phpbb/phpbb/pull/5502
https://github.com/phpbb/phpbb/pull/5501

As per the ticket, database backups could no longer be downloaded via the ACP, starting with phpBB 3.2.6.

Could you please elaborate on why is this functionality being removed?

warmweer
Registered User
Posts: 104
Joined: Wed Jul 09, 2003 5:27 pm
Location: Belgium

Re: [PHPBB3-15928] Remove support for downloading backups

Post by warmweer » Wed Jan 09, 2019 11:15 pm

v3d wrote:
Tue Jan 08, 2019 8:57 am
Could you please elaborate on why is this functionality being removed?
Ow, this is a surprise.
It doesn't cause any problem for me but I can't think of a reason for this move (not that I have time to think about it). (perhaps too many broken downloads because of backupsize?)
Use the best:
Unix for networking, Mac for graphics, Windows for Solitaire

User avatar
david63
Registered User
Posts: 272
Joined: Mon Feb 07, 2005 7:23 am
Location: Lancashire, UK

Re: [PHPBB3-15928] Remove support for downloading backups

Post by david63 » Thu Jan 10, 2019 7:17 am

I would guess that it is being removed as a security/privacy measure, possibly connected with GDPR. There have been instances where "rogue" Admins/Founders have had access to the backup facility.
David
Remember: You only know what you know -
and you do not know what you do not know!

User avatar
Marc
Development Team Leader
Development Team Leader
Posts: 143
Joined: Thu Sep 09, 2010 11:36 am
Location: Munich, Germany

Re: [PHPBB3-15928] Remove support for downloading backups

Post by Marc » Thu Jan 10, 2019 8:39 am

Correct, this is being done as further hardening of the ACP. While backups can still be created and restored, the downloading functionality will be removed to prevent the potential of unauthorized downloads of backups by admins. You will still be able to download the backups via FTP or other means of accessing the file systems as administrator.

v3d
Registered User
Posts: 4
Joined: Tue Jan 08, 2019 8:42 am

Re: [PHPBB3-15928] Remove support for downloading backups

Post by v3d » Thu Jan 10, 2019 10:08 am

Thank you all for clarifying this.

If it is done for prevententing unauthorized access, it sounds to me more like an access rights problematic. Why not create an admin permission "can download backups" or more commonly "can use the backup functionality (create, restore, delete, download)"?

In general, such soluton seems more adapted to "rogue" admins who could always find a workaround. For example, in the phphBB 3.0 days there was a mod which granted full access to the private messages table via the ACP. I guess, the same could be done with extensions, while the ability to send mass emails could be exploited to extract email addresses. And of course, a rogue admin could also create and restore a corrupted backup or simply delete the entire forum along with all backups in the /store folder.

In this case, should we also disable these functionalities or allow, and most importantly, advise on stricter access control?

User avatar
3Di
Registered User
Posts: 754
Joined: Tue Nov 01, 2005 9:50 pm
Location: Milano (I) Frankfurt (D)
Contact:

Re: [PHPBB3-15928] Remove support for downloading backups

Post by 3Di » Thu Jan 10, 2019 10:38 am

v3d wrote:
Thu Jan 10, 2019 10:08 am
Why not create an admin permission "can download backups" or more commonly "can use the backup functionality (create, restore, delete, download)"?
It might be an idea for phpBB 3.3/4, I don't see it as something to implement in 3.2 anyway.
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
Extensions, Scripts, MOD porting, Update/Upgrades
My development's activity º PhpStorm's proud user

User avatar
Ger
Registered User
Posts: 293
Joined: Mon Jul 26, 2010 1:55 pm
Location: 192.168.1.100
Contact:

Re: [PHPBB3-15928] Remove support for downloading backups

Post by Ger » Thu Jan 10, 2019 12:19 pm

3Di wrote:
Thu Jan 10, 2019 10:38 am
v3d wrote:
Thu Jan 10, 2019 10:08 am
Why not create an admin permission "can download backups" or more commonly "can use the backup functionality (create, restore, delete, download)"?
It might be an idea for phpBB 3.3/4, I don't see it as something to implement in 3.2 anyway.
Why would an extra permission need to wait for a new major version, while removal of functionality can be done in a minor upgrade?

Not that I really care, I never use that phpBB function anyway (MySQL Workbench ftw).
Above message may contain errors in grammar, spelling or wrongly chosen words. This is because I'm not a native speaker. My apologies in advance.

User avatar
david63
Registered User
Posts: 272
Joined: Mon Feb 07, 2005 7:23 am
Location: Lancashire, UK

Re: [PHPBB3-15928] Remove support for downloading backups

Post by david63 » Thu Jan 10, 2019 1:03 pm

There already is a "Can backup/restore database" Admin permission but that no affect if the user is a Founder - and that is what this change is aimed at preventing.

I would prefer a change where there can only be one Founder as that would get around all of these types of problems.
David
Remember: You only know what you know -
and you do not know what you do not know!

User avatar
Ger
Registered User
Posts: 293
Joined: Mon Jul 26, 2010 1:55 pm
Location: 192.168.1.100
Contact:

Re: [PHPBB3-15928] Remove support for downloading backups

Post by Ger » Thu Jan 10, 2019 2:40 pm

david63 wrote:
Thu Jan 10, 2019 1:03 pm
I would prefer a change where there can only be one Founder as that would get around all of these types of problems.
I wouldn't. :)
That would result in a single point of failure. What is that founder is needed for an urgent task and he or she is unavailable because of vacation, illness or -worse- some accident or perhaps even death?

Yeah of course you can always gain access through the database but that assumes much deeper knowledge of both phpBB and MySQL.
Above message may contain errors in grammar, spelling or wrongly chosen words. This is because I'm not a native speaker. My apologies in advance.

v3d
Registered User
Posts: 4
Joined: Tue Jan 08, 2019 8:42 am

Re: [PHPBB3-15928] Remove support for downloading backups

Post by v3d » Thu Jan 10, 2019 3:45 pm

What if the founder (site admin) is unreachable and has also stopped paying the bills, while other founders do not have FTP access? This exact scenario happened to several long-running forums I use to visit (2 SMF-based & 3 phpBB-based, one of which I'm currently hosting). The only thing that saved these forums was the ability to download backups via the ACP.

As for the backups permission, David has a point, it already exists :)

Given all this, a simple, yet relatively effective solution could be a notification to promote stricter control over founder/admin rights. e.g. On update, after login to the ACP: "Please review and remove all unwanted Founder and Admin permissions as it could result in unauthorized access to the ACP, stolen data (GDPR) etc; Here is the current list of such users with their respective permissions..."

Post Reply