General Data Protection Regulation (GDPR)


Posted
1 minute ago, ceberlin said:

When looking at PW, what concerns me most are unencrypted database backups via the module ProcessDatabaseBackups.

Yes. No. Maybe.

The bigger problem may be the user that creates that backup and has access to it.
Whoever is handling those backups at that point has to be trustworthy.

A ProcessDatabaseBackupsEncrypted module could be a nice addition nonetheless.

Posted
5 hours ago, ceberlin said:

When looking at PW, what concerns me most are unencrypted database backups via the module ProcessDatabaseBackups.

why?

  • Like 3
Posted

I'd rather have db backups stored outside the webroot than having them encrypted. By default they're protected by the .htaccess file, but screwing up that file is easy and common. But if that's working (or files are outside the webroot) only people with access to the webserver can see/use the backup files and are highly likely to also have access to the config.php and therefore the db credentials as well. In that case encryption won't give you anything anymore.

  • Like 4
  • Thanks 1
Posted

Backups can live their own life. I tend to download them from time to time (some customers do also). Since they can contain sensitive data, it is just another level of protection to have them encrypted. (I know, WordPress modules can be much worse in offering to *mailing* sql backups. Anything can happen there.)

Posted (edited)

https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment

"The tool now has 14 languages (French, English, Italian, German, Polish, Hungarian, Finnish, Norwegian, Spanish, Czech, Dutch, Portuguese, Romanian and Greek), six of which have been revised by the Bavarian, Italian, Finnish, Hungarian, Polish and Norwegian Data Protection Authorities."

Edit: 
https://github.com/LINCnil
Some repositories are cookie-related.

https://github.com/AmauriC/tarteaucitron.js
"Comply to the European cookie law"...

Edited by Christophe