justliam / wordpress-backup-to-dropbox

A plugin for WordPress that automatically uploads your blog's files and a SQL dump of its database to Dropbox, giving you peace of mind that your entire blog, including its precious posts, images and metadata, is regularly backed up.
http://wpb2d.com

backups directory permissions #103

Closed gregology closed 11 years ago

gregology commented 11 years ago

Default permissions for wp-content/backups is drwxr-xr-x which allows access to the SQL dump file via the webserver.

drwxr-xr-x 2 www-data www-data 4096 2012-12-24 16:26 backups

michaeldewildt commented 11 years ago

You shouldn't really be relying on directory permissions to prevent this. Instead it should be done within your .htaccess file.

gregology commented 11 years ago

Yes, using the .htaccess file to prevent access to the SQL backup file is a good idea. I would still argue that there is a security issue because the SQL backup file is created without checking if it will be publicly readable.

michaeldewildt commented 11 years ago

Agreed. Unfortunately, it has to be readable by Apache, otherwise it cannot be uploaded to Dropbox.

I originally generated the htaccess file but this ran into issues when people changed the dump location.

In order to grab the file a hacker would have to know the route and the name of the file.

I'll look into reintroducing the htaccess file for people with less than secure setups.

gregology commented 11 years ago

I totally agree, it's best practice to make your database name difficult to guess, but I've seen a few web hosting companies use usernames as db names in their quick WordPress setups :s I think Hostmonster were doing that last time I checked. How about doing a get_headers on the SQL backup file location after creation or in the settings panel to warn if it's "HTTP/1.1 200 OK"?
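
The get_headers check suggested in the comment above, sketched as an added example that is not part of the original thread or the plugin's code. The function names, verdict strings and the sample URL are hypothetical; the sample header arrays are constructed so the script runs offline.

```php
<?php
// Added example, not plugin code. Function names are hypothetical.

/** Status code of the last response in a get_headers() result (redirects add earlier ones). */
function final_status(array $headers): ?int
{
    $status = null;
    foreach ($headers as $line) {
        if (is_string($line) && preg_match('#^HTTP/\d(?:\.\d)?\s+(\d{3})\b#', $line, $m)) {
            $status = (int) $m[1];
        }
    }
    return $status;
}

/** Classify what the final status means for a backup file URL. */
function exposure_verdict(?int $status): string
{
    if ($status === null) {
        return 'unknown';     // request failed; do not assume the file is safe
    }
    if ($status >= 200 && $status < 300) {
        return 'exposed';     // e.g. "HTTP/1.1 200 OK": the dump is downloadable
    }
    return 'not served';      // 401/403/404 and similar
}

/** HEAD request against the dump URL, so the dump itself is not transferred. */
function check_backup_url(string $url): string
{
    $ctx = stream_context_create(['http' => ['method' => 'HEAD', 'timeout' => 5]]);
    $headers = @get_headers($url, false, $ctx);
    return exposure_verdict($headers === false ? null : final_status($headers));
}

// Constructed get_headers() results, so the script runs offline.
$samples = [
    'served directly'       => ['HTTP/1.1 200 OK', 'Content-Type: application/octet-stream'],
    'redirect, then served' => ['HTTP/1.1 301 Moved Permanently',
                                'Location: https://blog.example/wp-content/backups/dump.sql',
                                'HTTP/1.1 200 OK'],
    'denied by .htaccess'   => ['HTTP/1.1 403 Forbidden'],
];
foreach ($samples as $label => $headers) {
    printf("%-22s %s\n", $label, exposure_verdict(final_status($headers)));
}
```

A request the web server makes to itself can be answered differently from an outside request when access rules depend on the client address, so a "not served" result is a hint rather than proof.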

jjeaton commented 11 years ago

It would be fine to not include the .htaccess file by default as long as you tell people when they activate the plugin that they should disable access to that directory. Or maybe delete the .sql files after the backup?

EDIT: I stand corrected. It looks like you already do delete the .sql files after backup.