I really don't think this is a good move. It's the prime way for admins to make off-site db backups from the web interface; you should at least keep the option to do this (enabled e.g. through config.php or so). This kind of "hardening" is trying to mitigate poor administration or staff organization; that shouldn't be phpBB's task. Board operators should instead make sure they have 1 or maybe 2 admins at most that have that level of access, and enforce proper security practices for those accounts.the removal of the functionality to download database backups
I am not talking about what is the best or the worst.
But what is the problem, that you need one more step to download the backup then from the store/ folder?wolfbeast wrote: ↑Mon Apr 29, 2019 10:21 amI really don't think this is a good move. It's the prime way for admins to make off-site db backups from the web interface; you should at least keep the option to do this (enabled e.g. through config.php or so). This kind of "hardening" is trying to mitigate poor administration or staff organization; that shouldn't be phpBB's task. Board operators should instead make sure they have 1 or maybe 2 admins at most that have that level of access, and enforce proper security practices for those accounts.the removal of the functionality to download database backups
stevemaury wrote: ↑Sun May 20, 2018 8:16 pmI went to your board and looked for an hour or so, but did not see the women without underwear.
You can still backup the database via ACP, just not download it anymore via ACP. So when a hacker get access to your admin/founder account, he cannot download/steal the database. And that's where the most important information is being stored. You can now simply download it from theinvenio wrote: ↑Mon Apr 29, 2019 6:35 pmGlad to see a new version out.
As a non-IT person. Can somebody explain what the security advantage is without being able to download the database from ACP? If you have admin privileges, you can do whatever you want to the board (ie read any posts, delete anything, etc.)? I was using this to backup my board database and just don't understand the security issue. Not criticizing, I just don't understand it.
/store
folder.