Backupbuddy Requires Dangerous Php Function

php exec backupbuddy

9 replies to this topic

#1 Guest_Mark B._*

Guest_Mark B._*
  • Guests

Posted 06 January 2012 - 03:15 PM

Hi,

I've noticed that, to work properly, BackupBuddy requires the PHP exec function. However, many hosts (including us) disable this function for security reasons. Experts generally say that the exec function is a very dangerous thing that opens a huge security hole for hackers.

Is there any way that BackupBuddy can work to its fullest extent without requiring this dangerous function?

Thanks,

Mark

#2 Dustin Akers

Dustin Akers

    Moderator

  • Moderators
  • Others: All Plugins, All Themes
  • 18,498 posts

Posted 06 January 2012 - 05:12 PM

Hi Mark,

No, not its fullest capabilities. PHP's zipping functionality is extremely limited, so if exec() is unavailable then we must use a PHP-script-based implementation, PCLZip, which BackupBuddy will use if it must, but this is extremely inefficient (read SLOW and memory-hogging). Command line zip is magnitudes more efficient, fast, and requires fewer resources.

We offer an 'alternate zip' method that allows most features to function when using PCLZip but it significantly reduces the size of backups that can be created within a given time limit such as the maximum PHP runtime that is often set to 30 seconds. If you are unable to use exec() you can use this as an alternative but it will be far less functional. This is an unfortunate technical issue with PHP.

-

While exec() is potentially dangerous it is indeed possible to configure server security to permit its safe operation. Many hosts offer exec() support such as Hostgator. It is indeed a more sensitive issue than most functions though as any security holes in permissions and such are then more easily accessible.

We do our best to make BackupBuddy perform the best it can without exec() but there are severe technical limitations of PHP.



Thanks,
-Akers
Welcome to the forums. Be sure to post your questions in the correct forum and don't forget about the new and improved search function located in the top right of the forum pages. The gear/wheel symbol next to the search box will give you more options for advanced searching. Thank you and have a nice day.
PRAISE LORD HELIX

#3 Guest_Mark B._*

Guest_Mark B._*
  • Guests

Posted 06 January 2012 - 05:53 PM

Thanks.

Quote

While exec() is potentially dangerous it is indeed possible to configure server security to permit its safe operation.


Can you point us to any tutorials or other documentation on setting it up this way?

Thanks,

Mark

#4 Dustin Akers

Dustin Akers

    Moderator

  • Moderators
  • Others: All Plugins, All Themes
  • 18,498 posts

Posted 09 January 2012 - 12:16 PM

Hi Mark,

In general it is that the users just need to be isolated so that they cannot run things they don't have permission to use or access. Though how to exactly set it up is beyond the scope of our support.


Thanks,
-Akers

#5 Guest_Rob_*

Guest_Rob_*
  • Guests

Posted 20 January 2012 - 11:25 AM

I'm new to this forum. I just purchased the developer suite and am preparing to use BackupBuddy for the first time.

I'd like to reiterate what Mark asked for.

How will a user know if the PHP exec function is disabled, and also how do we make BackupBuddy use the slower alternative?

I have WordPress sites on GoDaddy and 2 other small hosting companies and am concerned about this issue.

Thanks!
-rob

#6 Dustin Akers

Dustin Akers

    Moderator

  • Moderators
  • Others: All Plugins, All Themes
  • 18,498 posts

Posted 20 January 2012 - 03:14 PM

Hi Rob,

There are three ways you can check if the server has exec.
1. You can ask the host; they should be able to tell you if it has PHP's exec() function and permission to run Linux's zip command. At the same time you can ask them to enable it if they say the server doesn't ;)
2. The free plugin ServerBuddy can show you if you have exec as an available zip method.
3. You can run this zip tester on the site: http://ithemes.com/codex/page/File:Zip_test.zip

You don't have to tell it to use the slower mode (compatibility mode), so don't worry about that. If BackupBuddy finds it can't run with exec like it would prefer, it automatically tries to switch down to the slower mode.


Thanks,
-Akers

#7 Guest_Zoe_*

Guest_Zoe_*
  • Guests

Posted 21 January 2012 - 07:45 AM

Is it possible to opt in to use the less efficient, safer process of zipping even if you have the exec function enabled?

#8 Dustin Akers

Dustin Akers

    Moderator

  • Moderators
  • Others: All Plugins, All Themes
  • 18,498 posts

Posted 21 January 2012 - 11:10 AM

Hi Zoe,

If exec is set up correctly then it is perfectly safe, but yes; there is an option to force BackupBuddy to use the slower compatibility mode.


Thanks,
-Akers

#9 Guest_Zoe_*

Guest_Zoe_*
  • Guests

Posted 24 January 2012 - 08:29 AM

OK - so if I go to my host to find out how safely this function has been set up (providing it's enabled) - what questions do I need to be asking?

I really want to buy your full package but almost every client grills me about security so I have to be 100% sure it's secure for clients on my server!

Cheers :)

#10 Dustin Akers

Dustin Akers

    Moderator

  • Moderators
  • Others: All Plugins, All Themes
  • 18,498 posts

Posted 24 January 2012 - 02:40 PM

Hi Zoe,

Quote

Is the exec() function accessible via PHP? Specifically I need to be able to run the zip command via exec(); (or alternatively proc).

The host should know what each part of it means and that it is being set up right, with users isolated so that they cannot run things they don't have permissions to use or access.


Thanks,
-Akers
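
The two checks discussed in this thread (is exec() accessible from PHP, and can it run the zip command), as an added PHP example that is not BackupBuddy's or ServerBuddy's own code. The helper names `exec_is_callable()` and `zip_capability()` and the `zip -h` probe are assumptions made for illustration.

```php
<?php
// Added example: report which zip method a PHP host can support.
// exec_is_callable() and zip_capability() are hypothetical helper names.

function exec_is_callable(): bool
{
    // PHP 8+ removes disabled functions from the function table entirely.
    if (!function_exists('exec')) {
        return false;
    }
    // Older PHP keeps the symbol but lists it in disable_functions.
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return !in_array('exec', $disabled, true);
}

function zip_capability(): array
{
    $report = [
        'exec_callable' => exec_is_callable(),
        'zip_binary'    => false,
        'method'        => 'php-fallback', // script-based zipping, e.g. PCLZip
    ];

    if ($report['exec_callable']) {
        // Fixed command string: no request data ever reaches the shell.
        // Assumes an Info-ZIP style binary where "zip -h" prints help and exits 0.
        $output = [];
        $status = 1;
        @exec('zip -h 2>&1', $output, $status);
        $report['zip_binary'] = ($status === 0 && count($output) > 0);
    }

    if ($report['zip_binary']) {
        $report['method'] = 'command-line-zip';
    }
    return $report;
}

// Print a short report, one line per finding.
foreach (zip_capability() as $key => $value) {
    printf("%-14s %s\n", $key, is_bool($value) ? ($value ? 'yes' : 'no') : $value);
}
```

Run it through the web server's PHP rather than only the command-line PHP, since the two often load different php.ini settings.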