martinzellner
commented
6 years ago Why is it a threat if the dump is unencrypted on the production system? Someone with access to the production system can always access the database directly anyways.
Closed renatobellotti closed 6 years ago
martinzellner
commented
6 years ago Why is it a threat if the dump is unencrypted on the production system? Someone with access to the production system can always access the database directly anyways.
renatobellotti
commented
6 years ago You're right, but the dumps have to be encrypted before uploading them to the cloud (for privacy reasons, especially for later when Shibboleth integration is implemented...)
martinzellner
commented
6 years ago If I remember correctly, they are!
Am 08.01.2018 um 10:16 schrieb Renato Bellotti notifications@github.com:
You're right, but the dumps have to be encrypted before uploading them to the cloud (for privacy reasons, especially for later when Shibboleth integration is implemented...)
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.
renatobellotti
commented
6 years ago You're right, the current backup script does encrypt the dump. The other script is never used, if I haven't overseen anything.
Right now, there is a very short time window during which the database dump is unencrypted.
Possible solution: Pipeline the encryption command instead of calling it later.
The other script does only a backup of the tq_website database, but does not encrypt it at all!