As with every software which can access your site as a whole, JoomlaPack needs to control who's got access to its backup functionality. Due to the lack of a thorough ACL mechanism in Joomla! 1.0 and 1.5, we have decided to make the administrator (back end) of this component available by default to the Super Administrators only. This group of people already has infinite access to the access, making them the ideal candidate for backup operators. You can change this default behavior in the component's Configuration page.
The front end backup feature is a different story. Since it has to be available to unattended scripts, a different approach was taken. Instead of requiring the user to have logged in with Joomla! it uses a simple "secret word" authentication model. Because this "secret word" is transmitted in clear text we strongly advise against using it over anything else than a local network (for example, an automated tool running on the same host as the web server). If you have to use it over the Internet we strongly advise using a secure protocol connection (HTTPS) with a valid commercially acquired certificate.
JoomlaPack 2.0 onwards is using the same temporary directory as
Joomla!. This is normally a directory named "tmp"
on your site's root. The temporary files are short-lived, unless a
fatal PHP error or a loss of connection abruptly halts JoomlaPack's
operation. In this case, the temporary file will not be deleted before
a new backup is attempted, or you visit the JoomlaPack Control Panel
page.
![[Important]](/images/stories/docimport58/important.png) | Important |
|---|---|
The only temporary files JoomlaPack uses are database dumps and internal state information data. Unauthorised access to them can lead to leakage of sensitive information or could be used to facilitate compromising your site's integrity. |
To this end, it is sane to restrict the access to the temporary
directory. If you can't use an off-site temporary directory, we
srongly advice disabling direct web access to this directory. This can
be done by creating an .htaccess file on the
directory with the following contents:
deny from all
By default JoomlaPack uses a non secure location to store its
backup files, within your site's file system hierarchy, namely
administrator/components/com_joomlapack/backup.
This location is well known and can be - theoretically - accessed
directly from a web browser. Since the backup output directory stores
the results of your backup attempts, that is SQL files containing
database backups and archive files containing all of your site, a
malicious person with access to this location could steal sensitive
information or compromise your site's integrity.
The first line of defense, employed by JoomlaPack 1.2.1 onwards, is to use mangled, hard to guess, names for the SQL backup. However, in the era of multi-MBPS xDSL Internet connections and scripting, it wouldn't take an attacker that long to figure out the filename. Remember: security through obscurity is no security at all!
As a second line of defense, JoomlaPack includes a secure .htaccess on the default backup output directory to disable direct web access. However, this is only possible on Apache-powered web servers which allow the use of .htaccess files. You should check with your host to ensure that this kind of protection is possible on your site.
However, this is not enough. Security experts argue that storing backups within the potentially vulnerable system itself might be a security risk. It is possible that a malicious person could gain access via other means. Think of a simple scenario. You have an Administrator with a weak password a hacker eventually guesses. Now the hacker can log in to your site, but doesn't have access to JoomlaPack. Despite that, you have installed a file administration component which allows administrators to browse the site's file system and download files. How long would it take before your site got compromised? Right. Not very long indeed!
The best approach is to use a directory which is outside your web server's root. By definition, this is not directly exposed to the web and is usually unavailable to file administration utilities.
If you are really paranoid about securing your site's backup files - like we are for our own sites! - you can use JoomlaPack Remote (part of our JoomlaPack Native Tools package). Remote is a desktop application for Microsoft Windows™ which allows backing up your site from your desktop, with options to automatically downloading the backup archive and remove the server's copy of this file.
Whenever you download your backup files you can fall prey to a malicious user. Backup files are transferred unencrypted (unless you access your site's administrator section through the HTTPS protocol). It is posible for a resourceful hacker to launch a man-in-the-middle attack. In such a case, whatever you download from your site will be directed to the hacker's computer before reaching yours.
To avoid such insecure scenarios, we advise against using the button in the backup administration page, unless you are using the secure HTTPS protocol with a signed certificate. We suggest that you use Secure FTP (SFTP) instead. Avoid using the plain old FTP, because your password and data are transmitted in clear text (unencrypted) over the Internet. Sometimes, your host will allow secure access to a web based control panel which has a file download feature. You could use this, it's as safe as it gets.
There is also another reason why not to use the button in the backup administration page. Your host neither discriminates the back end and front end pages of your Joomla! site, nor your IP from the rest of the world. As a result, every time you use the Joomla! back end, the data transferred counts towards your monthly bandwidth quota. Backup archives are large, sometimes in the hundrends of megabytes. Transferring them through the Download feature will incure a huge loss on your monthly bandwidth quota. Using secure FTP or your host's control panel does not count through the bandwidth quota and should be used instead. Finally, the Download feature doesn't work with all possible configurations and has objective problems with handling of very large archives; this is a technical limitation which can not be overcome in the PHP level JoomlaPack operates.
| Important |
|---|---|
The preferred and suggested method for downloading your backup files - for several reasons - is using FTP in BINARY mode, preferably over an encrypted connection. Alternatively, you can use JoomlaPack Remote (part of our Native Tools package) which uses this approach when downloading backup archives. |
