Xcloner backup security tweak - help needed | Old Forum | Free Forums

All Wordpress Forum requests have been moved to Wordpress Support Forums

 

Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Xcloner backup security tweak - help needed
December 23, 2009
12:00 am
Avatar
brendonhatcher
Guest

Hi

When using xcloner, the full mysql and ftp details are present in the archived configuration.php file.

When the new config file is produced, the original values are present as commented out pieces in the config file.

This is sort of OK when you own both the original and the cloned site.

However, I am making my Xcloner available to the public. I do not want them to have access to the original config settings.

The solution is relatively simple, but beyond my programming skills:

Xcloner needs to be modified as follows:

1. Create a new routine that makes a sanitized copy of the configuration file
- all server paths, usernames and passwords are removed
- the file is stored in a temp folder

2. Modify the file collation routine
- currently, XCloner builds a list of files based on the total set of files and folders, minus those excluded by the user during archive
- exclude /configuration.php
- include /[tempfolder]/configuration.php (removing the path from the archive file location - See [a])

Everything else proceeds per normal, resulting in a archived file that is safe to give to others.

The final modification is to the restore routine in restore/xcloner.php

Modify the relevant lines so that they no longer attempt to append the old values to the new configuration file (see [b].

Notes:
[a] Details on how to remove the path from the archived file are here: http://pear.php.net/package/Archive_Tar/docs/latest/Archive_Tar/Archive_Tar.html#methodaddModify

[b] changes to the file follow this pattern:

starting from line 988:
$config_data = str_replace('$'.'host =',"$"."host ='".$_REQUEST[mysql_server]."';#", $config_data);

becomes

$config_data = str_replace("$"."host = ''","$"."host = '".$_REQUEST[mysql_server]."';", $config_data);

Anyone willing to help with the parts I can't do?

Regards
Brendon

Forum Timezone: UTC 0

Most Users Ever Online: 867

Currently Online:
24 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

tom_1: 70

mlguru: 33

Django29: 29

D: 21

Andy: 21

Marcus: 20

Member Stats:

Guest Posters: 737

Members: 41556

Moderators: 1

Admins: 1

Forum Stats:

Groups: 3

Forums: 7

Topics: 2517

Posts: 8419

Newest Members:

Seriesvox Seriesvox

Moderators: Ovidiu - Support!: 0

Administrators: XCloner! Support: 2485

Quick contact

place

Hi there, my name is Ovidiu Liuta and i support the XCloner! project
XCloner is a Joomla backup component, Wordpress backup plugin and Free website backup tool.
Contact me here!

About company

XCloner.com is a dynamic company focusing on providing backup and recovery solutions for small to medium websites.
We are based in Romania and offer 24/7 support through forums and our private ticket system for Premium users support.

© 2020 XCloner - Website Backup and Restore made simple
All Rights Reserved | Privacy Policy