XCloner - Huge Security Risk | General Questions and Support | Forum Archive

The free forums are no longer in use. It remains available as read-only archive.

Avatar
sp_LogInOut Log In
Lost password?
sp_Search Search
Advanced Search
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
sp_Search Search
Go to Bottom
The forums are currently locked and only available for read only access
sp_TopicIcon
XCloner - Huge Security Risk
May 16, 2012
12:45 pm
Avatar
Thomas
New Member
Members
Forum Posts: 1
Member Since:
May 16, 2012
sp_UserOfflineSmall Offline
Go to Top
1sp_Permalink sp_Print

I have noticed, that XCloner stores all Backups with file permisson 644.

So absolutely EVERYONE is able to download your Backups if you do not change the file permissions on your own, right after XCloner has created the backup. MADNESS!!!

May 16, 2012
3:05 pm
Avatar
Ovidiu Liuta
Admin
Forum Posts: 2484
Member Since:
September 26, 2010
sp_UserOfflineSmall Offline
sp_UserWebsite sp_Twitter sp_GooglePlus
Go to Top
2sp_Permalink sp_Print

There is nobody stopping you from configuring the Backup Store Path to be outside the site webroot.

 

Also, if using apache, you can deny direct access to that folder by .htaccess rules.

 

Hope it helps! Ovidiu

sp_Feed All RSS
Go to top
Forum Timezone: America/Chicago
Most Users Ever Online: 867
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
mlguru: 30
Django29: 29
D: 21
Andy: 21
Marcus: 20
Jamie F: 19
Member Stats:
Guest Posters: 738
Members: 10049
Moderators: 2
Admins: 3
Forum Stats:
Groups: 3
Forums: 7
Topics: 2397
Posts: 8236
Newest Members:
ISIDORO ILARDO
Moderators: TriP: 0, Steve Burge: 0
Administrators: Ovidiu Liuta: 2484, Victor Drover: 1, Valentin Barbu: 0