backup.php? A security hazard?


  • backup.php? A security hazard?

    I did a brief search on this forum in the bug reporting and this forum about this topic, didn't find anything related.

    So my question is, isn't backup.php available to any administrator a bad thing? It dumps the full database, passwords, everything.

    I would think that this line would be present in this file

    if (! checklogperms($canviewadminlog,1,"<p>Admin log viewing restricted.</p>"))
    (I added this to my own vB script, but shouldn't it be added to the full release?)

  • #2
    Interesting idea. However I wouldn't trust anyone to be an Admin if I couldn't trust them to not abuse user passwords.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)


    • #3
      But, if somehow by mistake someone did something ignorant and accidentally pasted their password somewhere...

      (A lot of people have done it in IRC with their nickserv identify password and not even realized it, or gave their irc script to someone).

      It could happen by mistake, everyone is human

      If one of the admin pw's got into the wrong hands, it could spell trouble hehe.

      Also, why would you have the admin log stats restricted? Yet the admin could easily backup the entire admin log with the backup command?

      I just would think they would be linked together, maybe it's just me, I dunno.
      Last edited by CMX; Tue 11 Sep '01, 12:26am.
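
The restriction proposed in the first post, and the link between admin log and backup permissions raised in #3, as an added example (not vBulletin's code and not the poster's script). `$canrunbackup`, `can_run_backup()` and `gate_backup()` are hypothetical names, and the comma-separated user id list is an assumption about how such a setting would be stored.

```php
<?php
// Added example; every name below is hypothetical, not part of vBulletin.
// Assumption: a config value lists the user ids allowed to dump the database.
$canrunbackup = "1,7"; // constructed sample value

/**
 * True only when $userId is explicitly listed.
 * An empty or malformed list denies everyone (fail closed), so being an
 * administrator is not by itself enough to export password data.
 */
function can_run_backup(int $userId, string $allowedIds): bool
{
    $ids = [];
    foreach (explode(',', $allowedIds) as $raw) {
        $raw = trim($raw);
        if ($raw !== '' && ctype_digit($raw)) {
            $ids[] = (int) $raw;
        }
    }
    return in_array($userId, $ids, true);
}

/**
 * Gate to call at the top of a backup script, before any output.
 * Every attempt is logged so a dump can be attributed to an account,
 * which also covers the stolen-admin-password case from the thread.
 */
function gate_backup(int $userId, string $allowedIds, string $errmsg): bool
{
    $ok = can_run_backup($userId, $allowedIds);
    error_log(sprintf('backup %s user=%d', $ok ? 'ALLOWED' : 'DENIED', $userId));
    if (!$ok) {
        echo $errmsg, "\n";
    }
    return $ok;
}

// Constructed admin user ids: 1 and 7 are listed, 3 is an admin who is not.
foreach ([1, 3, 7] as $uid) {
    if (gate_backup($uid, $canrunbackup, '<p>Database backup restricted.</p>')) {
        echo "user $uid: database dump would start here\n";
    }
}

// An unset list must not fall back to "all admins".
var_dump(gate_backup(1, '', '<p>Database backup restricted.</p>'));
```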

