Closed renatobellotti closed 6 years ago
Why is it a threat if the dump is unencrypted on the production system? Someone with access to the production system can always access the database directly anyways.
You're right, but the dumps have to be encrypted before uploading them to the cloud (for privacy reasons, especially for later when Shibboleth integration is implemented...)
If I remember correctly, they are!
Am 08.01.2018 um 10:16 schrieb Renato Bellotti notifications@github.com:
You're right, but the dumps have to be encrypted before uploading them to the cloud (for privacy reasons, especially for later when Shibboleth integration is implemented...)
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.
You're right, the current backup script does encrypt the dump. The other script is never used, if I haven't overseen anything.
Right now, there is a very short time window during which the database dump is unencrypted.
Possible solution: Pipeline the encryption command instead of calling it later.
The other script does only a backup of the tq_website database, but does not encrypt it at all!