Logic Machine Forum
export ftp backup security - Printable Version

+- Logic Machine Forum (https://forum.logicmachine.net)
+-- Forum: LogicMachine eco-system (https://forum.logicmachine.net/forumdisplay.php?fid=1)
+--- Forum: Scripting (https://forum.logicmachine.net/forumdisplay.php?fid=8)
+--- Thread: export ftp backup security (/showthread.php?tid=5284)



export ftp backup security - domotiqa - 05.03.2024

Hi,
I would like to backup every month the LM  of all my customer.

Can you give advice in order not to have security issue.
I was thinking about encoding the password, but it's still quite simple to revert the ftp password with basic IT skills.
I don't want people who have acces to the admin part to be able to take control of the ftp.
regards

Code:
-- load the ftp support
local ftp = require("socket.ftp")
local ltn12 = require("ltn12")

-- ftp to NAS
f, e = ftp.put{
  host = "xxxx",
  user = "xxxx",
  password = "xxxx",
  type = "i",
  argument = target,
  source = ltn12.source.file(io.open(dst, "rb"))

}
if (e) then
  log (e)
  log (f)
  alert("Could not ftp: ", e, "\n")
end
log("ftp_backup")



RE: export ftp backup security - admin - 05.03.2024

You can place the code inside a user library and disable "Keep source" and keep "Auto load library" disabled. Then in your code you can simply call require('user.backup')
The password can still be recovered from the backup but it will be harder since the library file will be in Lua bytecode format.

You should also limit the user rights on FTP by providing a write-only access. Another thing to keep in mind is that FTP is plain text protocol without any encryption by default. See this for more info on how to enable encryption if the web server supports it: https://forum.logicmachine.net/showthread.php?tid=1002&pid=5850#pid5850 (package update is not needed)


RE: export ftp backup security - domotiqa - 06.03.2024

(05.03.2024, 12:59)admin Wrote: You can place the code inside a user library and disable "Keep source" and keep "Auto load library" disabled. Then in your code you can simply call require('user.backup')
The password can still be recovered from the backup but it will be harder since the library file will be in Lua bytecode format.

You should also limit the user rights on FTP by providing a write-only access. Another thing to keep in mind is that FTP is plain text protocol without any encryption by default. See this for more info on how to enable encryption if the web server supports it: https://forum.logicmachine.net/showthread.php?tid=1002&pid=5850#pid5850 (package update is not needed)

ok thanks, I still learn functionnality Dodgy

Our OVH provider only do sftp, not ftps... sad