One more note,
When discussing FTP we are not talking about Akeeba, or JPA files. We are specifically talking about the backup folder on CloudAccess platform sites with file system+db dumps that is one level above httpdocs, and when the cPanel makes the symbolic link for doing backups/replication it puts a symbolic link to that backup directory in httpdocs, thus giving a path for any FTP user to see entire database contents and download them (along with file system archives).
So at that moment when that happens, if anyone has FTP access they now have access to raw SQL dumps and file system backups that were made by the cPanel. Nothing to do with Akeeba.
This isn't about Akeeba or JPAs. Not everyone uses Akeeba or will necessarily have this extension installed, and if they do they should understand any risks associated with handing out FTP, yes, but at that point they installed the extension and it leaves JPAs in httpdocs where someone with FTP can access them. That is an act of the customer on your platform adding extensions which makes the FTP situation less secure, but it's customer [[drive]] in that case.
This is about the CloudAccess platform putting a link to backups in httpdocs, which gives access to backups for any FTP user. No user knowingly or willingly consents to this or has any knowledge or deep understanding of this issue, which is platform related. This is company/platform [[drive]] (you) and without customer knowledge, making it more of a troublesome situation. Just because a user has FTP access doesn't mean they should have access to download your entire database, which I do not believe is something possible on every hosting provider, but I could be wrong.
I hope that adds further clarification if there's any miscommunication about the "FTP issue". Thanks for the clear technical response. And this isn't always possible; it takes using the backup/replication feature in cPanel and a user with FTP access being on the file system and noticing that link is available for that X period of time mentioned above, but it's still a problem.
via Joomla! http://ift.tt/1vfdKtO
Statistics: Posted by sitesrus — Fri Jan 30, 2015 3:36 pm
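A check for the condition described in the post, added here as an example (not code from the post or from the CloudAccess platform): it walks a web root and reports symlinks that resolve outside it, together with any dump or archive files reachable through them. The `httpdocs`/`backup` layout built by `build_sample_site`, the suffix list and the function names are assumptions constructed for the example.

```python
import os
import tempfile

# File suffixes treated as backup material (an assumption for this example).
BACKUP_SUFFIXES = (".sql", ".sql.gz", ".tar", ".tar.gz", ".tgz", ".zip")


def escaping_symlinks(docroot):
    """Return [(link, real_target, backup_files)] for symlinks that leave docroot."""
    root = os.path.realpath(docroot)
    findings = []
    # followlinks=False: report the link itself, never descend through it.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([root, target]) == root:
                continue  # link stays inside the web root
            findings.append((path, target, list_backups(target)))
    return findings


def list_backups(target):
    """List backup-looking files reachable through an escaping link."""
    if os.path.isfile(target):
        return [target] if target.endswith(BACKUP_SUFFIXES) else []
    hits = []
    for dirpath, _dirs, files in os.walk(target):
        hits += [os.path.join(dirpath, f) for f in files if f.endswith(BACKUP_SUFFIXES)]
    return sorted(hits)


def build_sample_site(base):
    """Constructed layout: backup/ sits one level above httpdocs/ and is linked into it."""
    docroot = os.path.join(base, "httpdocs")
    os.makedirs(os.path.join(docroot, "images"))
    os.makedirs(os.path.join(base, "backup"))
    with open(os.path.join(base, "backup", "site_db.sql"), "w") as fh:
        fh.write("-- constructed dump\n")
    os.symlink(os.path.join(base, "backup"), os.path.join(docroot, "backup"))
    os.symlink(os.path.join(docroot, "images"), os.path.join(docroot, "media"))
    return docroot


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link, target, backups in escaping_symlinks(build_sample_site(tmp)):
            print(f"{link} -> {target} exposes {len(backups)} backup file(s)")
```

Run on a schedule, or right after a backup/replication job, a non-empty result means FTP users confined to the web root can currently reach the listed files.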