Support

Akeeba Backup for Joomla!

#14005 Exclude Database Connection Information from Backup

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Backup version
n/a

Latest post by nicholas on Monday, 05 November 2012 06:10 CST

Monday, 05 November 2012 04:57 CST

user66245
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Scanned it.
Joomla! version: 2.5
PHP version: 5.2
MySQL version: >5
Host: 1&1
Akeeba Backup version: most recent

Description of my issue: Hey, just a quick question which I couldn't find in the documentation. If I do NOT want the database connection information like the database password to be included in the backup. How do I do that?

What I want is, that my client needs to insert his own database information, once he restores the site on his own server.

Is it possible to still use the Akeeba Backup Installer Script?

Thank you!

Monday, 05 November 2012 05:12 CST

nicholas
You don't have to do anything. Akeeba Backup is primarily designed as a means to transfer site. The "backup" part is just a subcase of site transfer where the source and target server are the same. As a result the integrated restoration script (Akeeba Backup Installer) is smart enough to understand when you are restoring to a different location than the one you backed up from and propose you to blank out the database details, asking you to enter your new database connection information. Simple :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 05 November 2012 05:21 CST

user66245
Thank You Nicholas for your fast response. Just one more question. Is the database password, which is included in the installation script, secured in anyway, so my client, which I send the restauration package to cannot just extract the files and read the database password in plain text, like I can if I open the configuration.php file with a text editor?

I wouldn't want my clients to have access to our development servers database.

Thank you for your support.

Monday, 05 November 2012 05:24 CST

nicholas
No, the password is contained in plaintext in two places:
- The backed up configuration.php file
- The installation/sql/databases.ini file generated inside the archive
I would recommend adding a new user to your development database, change configuration.php to use this new user and then back up your site. After the backup is complete you can revert to your old user and remove this temporary database user.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 05 November 2012 05:36 CST

user66245
Thank you Nicholas. Maybe this would be an useful feature to add in future versions, because it would allow us to send site installation packages to unknown clients, with just a small piece of documentation.

Unfortunately our webhosting package does not allow the creation of new database users. Is it possible to manually delete the password out of the configuration.php and the database.ini file and still restore the site without major complications?

Thanks.

Monday, 05 November 2012 05:44 CST

nicholas
I will have to think about adding such a feature. It would cause two major issues:
1. The configuration.php not being present you lose more than just your database connection information. Editing the configuration.php on the fly (while backing it up) is not possible without tying up Akeeba Backup to specific versions of Joomla!. This is not desirable as it will make it extremely hard to provide a consistently functional component for different Joomla! versions.
2. The databases.ini file is used as a means to convey the number and names of backed up databases to the restoration script. Perhaps we blank out the username and password, but that's all we could do.

You can, however, take a backup and extract it locally. Then edit the configuration.php and installation/sql/databases.ini files manually. ZIP the results in a standard ZIP archive with normal compression (don't use any fancy compression options). Using your operating system's built-in folder compression works best! The resulting ZIP archive should be extractable by Kickstart, just like a regular ZIP-format archive file generated by Akeeba Backup.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 05 November 2012 05:51 CST

user66245
Thank you Nicholas, this fix will be sufficient for us for the moment.

If we have more of these cases in the future, we might be willing to pay you for adding this functionality (I see your concerns, you listed above. Maybe the feature should be turned off by default).

Is this something you would consider, or do you have a very strict development roadmap?

Monday, 05 November 2012 06:10 CST

nicholas
There is a specific development roadmap, but maybe I can sneak this feature in. I'm adding a to-do list item and I can tentatively promise to include it in the next or second next version of Akeeba Backup.

The way this feature will most likely work is this: When enabled, the databases.ini file will not contain the connection username and password. You will have to exclude the configuration.php file manually, using the Files and Directories Exclusion. That is, unless I implement a feature in Akeeba Engine which allows dynamic editing of files while they are being backed up. I am not sure I want to implement that kind of feature due to performance concerns (it would add a lot of overhead to the backup process).

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!