Hello,
I understand the security reasons behind some choices of the developers, but IMO it is a real pity that the possibility of downloading the backup from the acp maintenance panel has been removed.
I found that function very useful and fast to use, and thanks to it in the past I resurrected my board more than once using the last backup previously saved on my PC to load it directly into the database when even the acp was no longer usable.
I hope that it will be implemented again in future releases of the board, perhaps with more security measures, such as an additional password dedicated exclusively to that function.
I am also not exactly sure about what security risk this poses as if they get access to the admin account, they can pretty much read/change/delete anything on the board anyway. But I'm not an IT expert so maybe there is some security flaw that I am not aware of with downloading the DB.
I was using the direct download for my backups. I can save it manually and download with FTP so it's not a major issue, just an extra step I didn't have to take before.
The database contains the whole data from your forum. members, email addresses, posts, settings etc... someone who hacks your account can duplicate/steal you whole forum with that database, and have access to your members personal data.
Yes, I was aware of that. But as a founder account, I can access members email address, posts, and setting (through the board and ACP) without having to download the database. Is it that downloading the database would just make it less laborious to collect all this data via the phpbb web interface?
There is a lot of data in the database not accessible from the ACP. PMs, for example. It would be difficult to impossible to reconstruct the database via the ACP alone.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
Agreed. And even though their goal is probably not literally "database reconstruction" but just generally "obtain the information", to get "everything" you'd have to be prepared to scrape a bunch of different pages in ACP per user to collect that info, and hope that your compromised account and online access utilization of the live board will go undetected until you're finished scraping thousands of users and posts.
Database download gives you all of that in seconds, without necessary preparation, and in one shot; 100% of data compromised, in little to no time.
And as Steve said, there are important things they wouldn't be able to collect using the ACP, either. For example, if they wanted to collect and test against the password hashes of the user accounts; you can't "see" or "get" that through ACP, but it's in the database. And as mentioned, there isn't a path in standard phpBB ACP to read a user's private message inbox or outbox.
Overall, even though I agree that "it seems weird that there isn't a secure way to do that", it also seems like a good compromise to have implemented a change that requires "the intruder will need to have compromised your actual hosting account, too" in order to easily get "everything." Versus "having compromised phpBB alone is enough" to have enabled such a quick and complete "hit & run" data exposure.