MyBB Community Forums

Remove Backup Feature in ACP
This feature should be removed in my opinion. There is no need for it. Most users are able to use the backup function in cPanel or at least phpMyAdmin. They are both better than anything MyBB would be able to include in its software. Additionally, this could be a security issue. If someone is able to get into a user's website they could literally take a whole copy of their forum.
(2015-05-26, 12:44 PM)Ben C Wrote: This feature should be removed in my opinion. There is no need for it. Most users are able to use the backup function in cPanel or at least phpMyAdmin. They are both better than anything MyBB would be able to include in its software. Additionally, this could be a security issue. If someone is able to get into a user's website they could literally take a whole copy of their forum.

I agree that there are other backup solutions that are better suited and it's functionality that is not part of MyBB's core competencies.

I disagree that it's a security issue. If we removed the backup functionality from MyBB it would be trivial for an attacker who has ACP access to install a plugin that does the same thing. It's not going to stop an attacker from taking a whole copy of your forum.
It is a security issue though. Currently, we are literally handing hackers a way to take copies of our whole forum without anything to stop it except the admin login.
(2015-05-26, 01:31 PM)Ben C Wrote: It is a security issue though. Currently, we are literally handing hackers a way to take copies of our whole forum without anything to stop it except the admin login.

They could still do that without the backup functionality, is my point.
Continuing in its thread :)

Please don't remove it for security reasons. As mentioned in the other thread and here above, access to the backend is bad, and grabbing a DB copy is only one of many problems that can happen.
If a decision is made based on it 'not belonging' to MyBB then that's something else. I don't agree but I don't expect to be able to convince anybody :)
(2015-05-26, 01:37 PM)Will P Wrote:
(2015-05-26, 01:31 PM)Ben C Wrote: It is a security issue though. Currently, we are literally handing hackers a way to take copies of our whole forum without anything to stop it except the admin login.

They could still do that without the backup functionality, is my point.

I disagree with you here within the frame of reference of probability. If all MyBB installs have this file that a user has to specifically take action to find and remove, that's a nearly 100% opportunity for MyBB databases to be dumpable through something as ridiculous as the 1.8.(2? 3?) release debacle.

Outsourcing this to an option that is most likely already there reduces a) in concept, the number of ways to dump the database via software/scripts installed b) the ability for some issue in the core to exploit this functionality.

As for plugins, there's a reason we check the ones we put on the Mods site, which is where users should go for the vast majority of their plugin needs. It's very, very unlikely to happen here. As for other sites, it's a bit more iffy there, but reputable developers would also MOST LIKELY be safe. Users can still scroll through the code and check for things that look instinctively suspicious.

As for plugins acquired from a nulled/warez site, well that's the fault of the forum's admin, asking to get hacked, effectively.

The general contention I'm making is that the current system allows for implicit exploitation, with explicit action needed to avoid having that code available for (ab)use. Changing it as the title suggests would flip this relationship to an implicit safety within the core, and an explicit action required to make such a dump happen again.
Maybe have the file with the backup script be one that needs to be uploaded when you need to use it, like some of the tools vBulletin has.
(2015-05-27, 05:10 PM)dragonexpert Wrote: Maybe have the file with the backup script be one that needs to be uploaded when you need to use it, like some of the tools vBulletin has.

Again, most people would upload this and forget to remove the file afterwards. Probably about 99% if not all of MyBB users have an external backup system, whether it be cPanel, phpMyAdmin, etc.
Personally I wouldn't want to see the database backup option removed.

I'm an admin on a friend's forum (and the one responsible for converting their forum to MyBB in the first place, plus the one who will be helping convert from 1.8 to 2.0).  And there have been times in the past where it's been necessary for me to take a backup of the site. (They were away from the computer on vacation and couldn't be contacted.)
However, being that I'm not the owner of the web hosting account I cannot access the cPanel tools. (At least not without going through a bunch of extra steps... and I don't really think it'd be necessary when a perfectly viable alternative already exists... the backup tool within the ACP.)

Additionally on my own site I like using the backup tool because I can combine tasks when I'm logged in. Prune a few logs from plugins to keep database size down, check any suspicious registrations, edit the templates if I need to, get a backup... all without having to log into the cPanel itself. It's very convenient and useful for me.


Additionally the whole security argument falls through for the same reason against the cPanel. I mean really all we have to protect our cPanel accounts from access is a username/password (and, hopefully, a little security through obscurity... but I'd imagine not everyone has taken this sort of step). So what's the difference between them going for ACP or going for cPanel to get a copy?
(A determined attacker will pursue every avenue they can.)
So if we follow your logic, because it's a potential security risk there too, we should remove backup options period. But then we can't take backups period.

Don't get me wrong, security is important. But there will always be a risk. And in many cases there are better ways to mitigate risk than remove features. (Strong passwords, different passwords for accounts, regularly updated anti-virus software on computer, regularly patched OS, etc...)
(2015-06-01, 04:14 AM)VirusZero Wrote: Personally I wouldn't want to see the database backup option removed.

I'm an admin on a friend's forum (and the one responsible for converting their forum to MyBB in the first place, plus the one who will be helping convert from 1.8 to 2.0).  And there have been times in the past where it's been necessary for me to take a backup of the site. (They were away from the computer on vacation and couldn't be contacted.)
However, being that I'm not the owner of the web hosting account I cannot access the cPanel tools. (At least not without going through a bunch of extra steps... and I don't really think it'd be necessary when a perfectly viable alternative already exists... the backup tool within the ACP.)

Additionally on my own site I like using the backup tool because I can combine tasks when I'm logged in. Prune a few logs from plugins to keep database size down, check any suspicious registrations, edit the templates if I need to, get a backup... all without having to log into the cPanel itself. It's very convenient and useful for me.


Additionally the whole security argument falls through for the same reason against the cPanel. I mean really all we have to protect our cPanel accounts from access is a username/password (and, hopefully, a little security through obscurity... but I'd imagine not everyone has taken this sort of step). So what's the difference between them going for ACP or going for cPanel to get a copy?
(A determined attacker will pursue every avenue they can.)
So if we follow your logic, because it's a potential security risk there too, we should remove backup options period. But then we can't take backups period.

Don't get me wrong, security is important. But there will always be a risk. And in many cases there are better ways to mitigate risk than remove features. (Strong passwords, different passwords for accounts, regularly updated anti-virus software on computer, regularly patched OS, etc...)

I agree with this statement from Josh posted above:

Quote:Outsourcing this to an option that is most likely already there reduces a) in concept, the number of ways to dump the database via software/scripts installed b) the ability for some issue in the core to exploit this functionality.

I can kind of see where you are coming from relating to the security issue of this, but at the same time, at least if the MyBB admin panel is compromised he cannot immediately take a copy of your whole forum. I think that with the recent-ish compromise of the GitHub account and then people accessing forums' Admin CPs, this would be a good step to take to minimise the damage that a hacker could do if something like that did happen again.