export ftp backup security
#1
Hi,
I would like to back up the LM of all my customers every month.

Can you give advice on how to avoid security issues?
I was thinking about encoding the password, but it's still quite simple to recover the FTP password with basic IT skills.
I don't want people who have access to the admin part to be able to take control of the FTP.
regards

Code:
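-- load the ftp support
local ftp = require("socket.ftp")
local ltn12 = require("ltn12")

-- ftp to NAS (dst = local backup file, target = remote file name;
-- both are assumed to be set earlier in the script)
local f, e = ftp.put{
  host = "xxxx",
  user = "xxxx",
  password = "xxxx",
  type = "i", -- binary transfer
  argument = target,
  source = ltn12.source.file(io.open(dst, "rb"))
}
-- ftp.put returns nil plus an error message on failure
if (e) then
  log(e)
  log(f)
  alert("Could not ftp: %s", tostring(e))
end
log("ftp_backup")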
-----------
FRANCE SMARTHOME & SMARTBUILDING INTEGRATION
SE ECO EXPERT
Reply
#2
You can place the code inside a user library and disable "Keep source" and keep "Auto load library" disabled. Then in your code you can simply call require('user.backup')
The password can still be recovered from the backup but it will be harder since the library file will be in Lua bytecode format.

You should also limit the user rights on FTP by providing write-only access. Another thing to keep in mind is that FTP is a plain-text protocol without any encryption by default. See this for more info on how to enable encryption if the web server supports it: https://forum.logicmachine.net/showthrea...50#pid5850 (package update is not needed)
Reply
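A sketch of what the `user.backup` library suggested in the reply above could contain, added here as an illustration and not code from the forum or from LogicMachine. The `upload` function name and the host, user and password values are assumptions.

```lua
-- Contents of a user library named "backup" (name taken from the thread's
-- require('user.backup')). Host, user and password are placeholders.
local ftp = require('socket.ftp')
local ltn12 = require('ltn12')

-- Credentials stay local to the library and are never returned to callers.
-- They are still string constants in the compiled bytecode, so pair this
-- with a write-only FTP account as advised in the reply.
local HOST, USER, PASSWORD = 'nas.example.invalid', 'backup-writeonly', 'CHANGE-ME'

local M = {}

-- Upload localpath as remotename; returns true, or nil plus an error message.
function M.upload(localpath, remotename)
  -- Accept a plain file name only: no path separators and no control
  -- characters that could alter the FTP command sent to the server.
  if type(remotename) ~= 'string' or not remotename:match('^%w[%w%._%-]*$') then
    return nil, 'invalid remote file name'
  end

  local fh, err = io.open(localpath, 'rb')
  if not fh then
    return nil, 'cannot open ' .. tostring(localpath) .. ': ' .. tostring(err)
  end

  local ok, e = ftp.put{
    host = HOST, user = USER, password = PASSWORD,
    type = 'i', -- binary transfer
    argument = remotename,
    source = ltn12.source.file(fh),
  }
  -- The LTN12 source closes fh after reading to the end; close it here
  -- if the transfer failed before the file was fully read.
  if io.type(fh) == 'file' then fh:close() end

  if not ok then return nil, e end
  return true
end

return M

-- In the scheduled script (a separate file) no credentials appear:
--   local backup = require('user.backup')
--   local ok, err = backup.upload(dst, target)
--   if not ok then alert('FTP backup failed: %s', tostring(err)) end
```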
#3
(05.03.2024, 12:59)admin Wrote: You can place the code inside a user library and disable "Keep source" and keep "Auto load library" disabled. Then in your code you can simply call require('user.backup')
The password can still be recovered from the backup but it will be harder since the library file will be in Lua bytecode format.

You should also limit the user rights on FTP by providing write-only access. Another thing to keep in mind is that FTP is a plain-text protocol without any encryption by default. See this for more info on how to enable encryption if the web server supports it: https://forum.logicmachine.net/showthrea...50#pid5850 (package update is not needed)

OK thanks, I'm still learning the functionality.

Our OVH provider only does SFTP, not FTPS...
-----------
FRANCE SMARTHOME & SMARTBUILDING INTEGRATION
SE ECO EXPERT
Reply