Temporary folder? | General Questions and Support | Forum Archive

The free forums are no longer in use. It remains available as read-only archive.

Avatar
Lost password?
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
The forums are currently locked and only available for read only access
sp_TopicIcon
Temporary folder?
September 1, 2013
1:10 pm
Avatar
Chris
Member
Members
Forum Posts: 3
Member Since:
September 1, 2013
sp_UserOfflineSmall Offline

Hi,

Looking at using XCloner on my wordpress site. I'm curious as to what the temporary folder path is used for?

 

Thanks

September 1, 2013
8:21 pm
Avatar
Ovidiu Liuta
Admin
Forum Posts: 2484
Member Since:
September 26, 2010
sp_UserOfflineSmall Offline

For storing the mysql database backup as well as a file listing info.

September 1, 2013
9:48 pm
Avatar
Chris
Member
Members
Forum Posts: 3
Member Since:
September 1, 2013
sp_UserOfflineSmall Offline

Interesting, seems like having that folder is a large security risk. Especially because it needs such open permissions for XCloner to work.

I dont like the fact that if someone wanted to do something bad to my website, they could write a little script which watched that directory for activity then steal my database from that folder, as well as file listing. Which would probably include the location of my wp_config.php file.

Is there some way we can fix this? Or are my fears unwarranted?

September 2, 2013
7:51 am
Avatar
Ovidiu Liuta
Admin
Forum Posts: 2484
Member Since:
September 26, 2010
sp_UserOfflineSmall Offline

All files from that temporary directory are being deleted once a backup is finished, however if you would like to furher secure it, you can simply block any web access to it through .htaccess rule deny all

September 2, 2013
12:46 pm
Avatar
Chris
Member
Members
Forum Posts: 3
Member Since:
September 1, 2013
sp_UserOfflineSmall Offline

I dont want to be a pain in the ass, but it seems like having the htaccess rule should be something XCloner should do by default.

You cant guarentee that any given XCloner job will exit safely. Web servers vary dramatically, a web host could kill the cron job because of excessive processor utilization or memory usage. In that case, I have my database exposed possibly for days on end. Which is totally unacceptable in my opinion.

Forum Timezone: America/Chicago
Most Users Ever Online: 867
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
mlguru: 30
Django29: 29
Andy: 21
D: 21
Marcus: 20
Jamie F: 19
Member Stats:
Guest Posters: 738
Members: 10030
Moderators: 2
Admins: 3
Forum Stats:
Groups: 3
Forums: 7
Topics: 2397
Posts: 8236
Newest Members:
Emmanuel Joachim
Moderators: TriP: 0, Steve Burge: 0
Administrators: Ovidiu Liuta: 2484, Victor Drover: 1, Valentin Barbu: 0