Xcloner backup security tweak - help needed | Old Forum | Forum Archive

The free forums are no longer in use. It remains available as read-only archive.

Avatar
Lost password?
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
The forums are currently locked and only available for read only access
sp_TopicIcon
Xcloner backup security tweak - help needed
December 23, 2009
12:00 am
Avatar
brendonhatcher
Guest
Guests

Hi

When using xcloner, the full mysql and ftp details are present in the archived configuration.php file.

When the new config file is produced, the original values are present as commented out pieces in the config file.

This is sort of OK when you own both the original and the cloned site.

However, I am making my Xcloner available to the public. I do not want them to have access to the original config settings.

The solution is relatively simple, but beyond my programming skills:

Xcloner needs to be modified as follows:

1. Create a new routine that makes a sanitized copy of the configuration file
- all server paths, usernames and passwords are removed
- the file is stored in a temp folder

2. Modify the file collation routine
- currently, XCloner builds a list of files based on the total set of files and folders, minus those excluded by the user during archive
- exclude /configuration.php
- include /[tempfolder]/configuration.php (removing the path from the archive file location - See [a])

Everything else proceeds per normal, resulting in a archived file that is safe to give to others.

The final modification is to the restore routine in restore/xcloner.php

Modify the relevant lines so that they no longer attempt to append the old values to the new configuration file (see [b].

Notes:
[a] Details on how to remove the path from the archived file are here: http://pear.php.net/package/Archive_Tar/docs/latest/Archive_Tar/Archive_Tar.html#methodaddModify

[b] changes to the file follow this pattern:

starting from line 988:
$config_data = str_replace('$'.'host =',"$"."host ='".$_REQUEST[mysql_server]."';#", $config_data);

becomes

$config_data = str_replace("$"."host = ''","$"."host = '".$_REQUEST[mysql_server]."';", $config_data);

Anyone willing to help with the parts I can't do?

Regards
Brendon

Forum Timezone: America/Chicago
Most Users Ever Online: 867
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
mlguru: 30
Django29: 29
Andy: 21
D: 21
Marcus: 20
Jamie F: 19
Member Stats:
Guest Posters: 737
Members: 9462
Moderators: 2
Admins: 3
Forum Stats:
Groups: 3
Forums: 7
Topics: 2397
Posts: 8236
Newest Members:
Robert Dumitru
Moderators: TriP: 0, Steve Burge: 0
Administrators: Ovidiu Liuta: 2484, Victor Drover: 1, Valentin Barbu: 0