[TYPO3-english] Must I do a backup of the Temp Files from RSA-Auth?

Dmitry Dulepov dmitry.dulepov at gmail.com
Tue Dec 8 09:31:02 CET 2009


On 05/12/2009 16:49, Jörg Klein wrote:
> I did an upgrade to TYPO3 4.3 and also installed saltedpasswords with
> rsaauth.
> When you install rsaauth, the extension tells you that you have to create a
> folder for temporary data, which is located outside the website root and
> which has its permissions set to 700.
> I have two questions about that folder:
> 1. Since it is obviously needed, it should also be included in a backup of
> the installation, right?

No.  They are ~temporary~. Nothing ~temporary~ needs backing up.

> 2. Why is putting it inside the website root insecure? It would make backing
> it up and restoring it easier...

Because your keys can be obtained by the attacker and used to login to your site.

Dmitry Dulepov
"Trust me, I am a doctor!" (c) Gregory House, M.D.

More information about the TYPO3-english mailing list