[TYPO3-english] Must I do a backup of the Temp Files from RSA-Auth?
Dmitry Dulepov
dmitry.dulepov at gmail.com
Tue Dec 8 09:31:02 CET 2009
Hi!
On 05/12/2009 16:49, Jörg Klein wrote:
> I did an upgrade to TYPO3 4.3 and also installed saltedpasswords with
> rsaauth.
>
> When you install rsaauth, the extension tells you that you have to create a
> folder for temporary data, which is located outside the website root and
> which has its permissions set to 700.
>
> I have two questions about that folder:
> 1. Since it is obviously needed, it should also be included in a backup of
> the installation, right?
No. They are ~temporary~. Nothing ~temporary~ needs backing up.
> 2. Why is putting it inside the website root insecure? It would make backing
> it up and restoring it easier...
Because your keys can be obtained by the attacker and used to login to your site.
--
Dmitry Dulepov
"Trust me, I am a doctor!" (c) Gregory House, M.D.
More information about the TYPO3-english
mailing list