I don't like this idea to remove support for downloading backups. And I don't like the "one founder"-idea.
Permissions to download a backup can save or compromit a board as well. However, assigning the rights incorrectly is a human problem, not one of the software. To have at least 2 founders may be the last rescue if the main admin is no longer available (sick / dead / listless / on vacation ...).
To better support the GDPR there would be a lot of other functions with more priority and more effect. All were discussed extensively a year ago.
[PHPBB3-15928] Remove support for downloading backups
- Scanialady
- Registered User
- Posts: 24
- Joined: Sat Sep 12, 2015 3:17 pm
- DavidIQ
- Customisations Team Leader
- Posts: 1904
- Joined: Thu Mar 02, 2006 4:29 pm
- Location: Earth
- Contact:
Re: [PHPBB3-15928] Remove support for downloading backups
Well I guess you should ask yourself: under what circumstance would an administrator need to download a database backup from within the ACP through their browser? If it's for convenience then does that make their data safe or does it put them in the same precarious situation that many sites have been in with massive data leaks?
Situations where a forum administrator does not have access to the server are very rare so to continue putting everyone at risk for that tiny fraction of a percent of admins that might end up needing to download a backup through the browser does not seem to merit keeping the functionality.
Situations where a forum administrator does not have access to the server are very rare so to continue putting everyone at risk for that tiny fraction of a percent of admins that might end up needing to download a backup through the browser does not seem to merit keeping the functionality.
- 3Di
- Registered User
- Posts: 951
- Joined: Tue Nov 01, 2005 9:50 pm
- Location: Milano 🇮🇹 Frankfurt 🇩🇪
- Contact:
Re: [PHPBB3-15928] Remove support for downloading backups
Agreed.DavidIQ wrote: ↑Fri Jan 11, 2019 8:27 pm Situations where a forum administrator does not have access to the server are very rare so to continue putting everyone at risk for that tiny fraction of a percent of admins that might end up needing to download a backup through the browser does not seem to merit keeping the functionality.
Free support for our extensions also provided here: phpBB Studio
Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
- 3Di
- Registered User
- Posts: 951
- Joined: Tue Nov 01, 2005 9:50 pm
- Location: Milano 🇮🇹 Frankfurt 🇩🇪
- Contact:
Re: [PHPBB3-15928] Remove support for downloading backups
I have to say that in light of the reasons why functionality has been removed, I don't even think it's a good idea today to add a permit to the existing ones.Ger wrote: ↑Thu Jan 10, 2019 12:19 pmWhy would an extra permission need to wait for a new major version, while removal of functionality can be done in a minor upgrade?
Not that I really care, I never use that phpBB function anyway (MySQL Workbench ftw).
Free support for our extensions also provided here: phpBB Studio
Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
Re: [PHPBB3-15928] Remove support for downloading backups
phpMyAdmin, a commonly used web app, has the very same download/export feature. Hosting providers offer similar functionality through admin panels, also web-based. And it goes without saying that browser operated cloud software is becoming more and more prevalent.DavidIQ wrote: ↑Fri Jan 11, 2019 8:27 pm Well I guess you should ask yourself: under what circumstance would an administrator need to download a database backup from within the ACP through their browser? If it's for convenience then does that make their data safe or does it put them in the same precarious situation that many sites have been in with massive data leaks?
For the data leaks part, as far as I am aware, the most common root cause was unintended access through the API - this was the case from Wordpress to Facebook, Google+ and the most recent Linkedin debacle. Then there's the case of Cloudflare.
Once again, it is unclear where lies the vulnerability for phpBB? At web browser level, the ACP, permission control ("rogue" admins) or the backup functionality itself? The "no feature, no problem" approach doesn't prevent the risk as the ACP could still be exploited to gain access to user data (mass email functionality, extensions).
- AlfredoRamos
- Registered User
- Posts: 10
- Joined: Wed Jul 02, 2014 9:44 pm
- Location: /dev/null
- Contact:
Re: [PHPBB3-15928] Remove support for downloading backups
Not all administrators have phpMyAdmin or cPanel access and yet any administrator could download the database from the ACP.v3d wrote: ↑Wed Jan 23, 2019 8:31 am phpMyAdmin, a commonly used web app, has the very same download/export feature. Hosting providers offer similar functionality through admin panels, also web-based. And it goes without saying that browser operated cloud software is becoming more and more prevalent.
I think that's one of the reasons why it has been removed that option.
Some of my phpBB extensions:
Imgur | SEO Metadata | Markdown | Auto-lock Topics
Check out all my validated extensions
Arch Linux user
Imgur | SEO Metadata | Markdown | Auto-lock Topics
Check out all my validated extensions
Arch Linux user
Re: [PHPBB3-15928] Remove support for downloading backups
Here is a case in point where being able to download a backup is possibly the only way out of the problem - https://www.phpbb.com/community/viewtop ... #p15189181
David
Remember: You only know what you know -
and you do not know what you do not know!
Remember: You only know what you know -
and you do not know what you do not know!
- Tastenplayer
- Registered User
- Posts: 40
- Joined: Thu Dec 06, 2018 11:14 am
- Contact:
Re: [PHPBB3-15928] Remove support for downloading backups
Although the contribution is already 1 year old:
It is not about laziness of the administrator / founder. But there was definitely an additional security to be able to download an additional backup from the ACP before an update. Unfortunately my server is configured quite extreme. According to the operator, all for the security of the users. I do think that in an emergency you should somehow have a way to do this.
Since some forum operators have quite some problems updating to 3.3.0, without this additional backup I now lack the courage to try the update on my server.
It is not about laziness of the administrator / founder. But there was definitely an additional security to be able to download an additional backup from the ACP before an update. Unfortunately my server is configured quite extreme. According to the operator, all for the security of the users. I do think that in an emergency you should somehow have a way to do this.
Since some forum operators have quite some problems updating to 3.3.0, without this additional backup I now lack the courage to try the update on my server.
Be the best version of yourself rather than a bad copy of someone else!
- DavidIQ
- Customisations Team Leader
- Posts: 1904
- Joined: Thu Mar 02, 2006 4:29 pm
- Location: Earth
- Contact:
Re: [PHPBB3-15928] Remove support for downloading backups
So you have a forum you set up, configured, and likely customized and did all that without FTP access?