www.webdeveloper.com

Thread: Most secure method for retrieving SQL backups

  1. #1
    Join Date
    Mar 2005
    Posts
    250

    Most secure method for retrieving SQL backups

    Looking for advice on this matter, and I didn't know any other forum category that would be better than this one.

    I'm looking for a good way for my web site client to regularly retrieve his own MySQL backups. My plan is to set a cron job to dump the contents of his database into a SQL text file, and set another job to either send him the SQL file or give him a link to retrieve it.

    But what is a secure way of doing that? Certainly I'm aware that the SQL file should not be stored within the web root directory. But whether it is mailed as an attachment or sent over HTTP after the client has authenticated with a password, neither of these transfer methods is secure. It will simply be plain text transmitted over the Internet. Short of SSL, is there anything to be done?

    It does occur to me that, since this particular site does not use SSL, any information in its database is being transmitted unsecured over HTTP at one time or another. So perhaps it's no more worrisome to transmit the SQL file? I'm looking for anyone's thoughts on the matter.

  2. #2
    Join Date
    Jan 2007
    Location
    Wisconsin
    Posts
    2,120
    If you wish to provide some sense of security without SSL, you could write an encrypted ZIP/GZIP file to provide to your client via a "server-side authenticated file-serving" script. You'll have to determine the best method of doing this for your particular server, of course (OS, web server, scripting languages, etc.). On a *nix system with the zip command you can supply a password to encrypt the file with on the command line using the -P option (though it is recommended to encrypt interactively using the -e option).

    Bear in mind, this doesn't come anywhere near the security of just using SSL (which is pretty cheap for a basic cert). But, it offers a bit of security without having to find, author, or purchase any special encryption/decryption software.

  3. #3
    Join Date
    Mar 2005
    Posts
    250
    I will look into this. Thanks!

  4. #4
    Join Date
    Mar 2005
    Posts
    250
    I have been able to successfully use zip to compress the file, and the -e flag to encrypt it interactively. However, when I tried to use the -P flag you mentioned, it was not recognized. Can you give me an example of how to use password protection in the command, rather than interactively? (I know it's less secure, but right now I'm just trying to put this in an .sh file I can run as a cron job, and I'll worry about improving it later.)

  5. #5
    Join Date
    Jan 2007
    Location
    Wisconsin
    Posts
    2,120
    Sure--this may vary based on OS though. On CentOS, the following command will place test.file into a ZIP archive protected with password default:

    Code:
    zip -P default test.zip test.file
    You'll probably want to check the manpage for details on the version of ZIP that ships with your particular OS.

  6. #6
    Join Date
    Mar 2005
    Posts
    250
    That works great. Thanks!
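
Added example, not part of the thread: a cron-friendly sketch of the dump-then-encrypt job discussed above. Because `zip -P` places the password on the command line, this version swaps in `openssl enc` with the passphrase read from a file; the function names, paths, database name and the `run` argument are assumptions.

```sh
#!/bin/sh
# Added example: all paths, file names and function names are assumptions.
set -eu
umask 077   # files created below are readable only by the owning account

# Encrypt file $1 into $2 with the passphrase stored in file $3.
# openssl reads the passphrase from the file, so it is never an argument
# that other local users could see in the process list.
# Note: "openssl enc" gives confidentiality only; it does not authenticate
# the ciphertext.
encrypt_backup() {
    openssl enc -aes-256-cbc -pbkdf2 -salt -in "$1" -out "$2" -pass "file:$3"
}

# Inverse operation, run by the client after downloading the file.
decrypt_backup() {
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$1" -out "$2" -pass "file:$3"
}

# Dump database $1 into directory $2 (outside the web root), encrypted with
# passphrase file $3. MySQL credentials come from option file $4, so they
# are not on the command line either.
run_backup() {
    plain="$2/$1-$(date +%Y%m%d).sql"
    # Remove any plaintext left behind if a later step fails.
    trap 'rm -f "$plain" "$plain.gz"' EXIT
    mysqldump --defaults-extra-file="$4" --single-transaction "$1" > "$plain"
    gzip -f "$plain"
    encrypt_backup "$plain.gz" "$plain.gz.enc" "$3"
    rm -f "$plain.gz"          # keep only the encrypted copy
}

# Cron entry (constructed values):
#   30 2 * * * /usr/local/bin/db-backup.sh run shopdb /var/backups/db /root/.backup-pass /root/.backup-my.cnf
if [ "${1:-}" = "run" ]; then
    run_backup "$2" "$3" "$4" "$5"
fi
```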
