Hello,
Regarding the developer license for BackupBuddy, for an implementation where a developement firm would delpoy backup buddy on multiple client websites:
1) it is possible to specify wihch directory in dropbox (or amazon s3) that the client 's data would go to (e.g. client 1 data goes to dropbox/client_1 and client 2 data goes to dropbox/client_2?
2) assuimg the client sites are backed up to the firm's dropbox account, in doing this, would the firm's dropbox credentials be accessbile on the client installation? For exampe, if the client logs in to simply add a post to their wordpress site, and then gets curious and browses to the backup buddy plugin area, would they be able to get the credentials for the firm's dropbox account?
Thank you for your time!
0
Backup Buddy For Client Installs And Security
Started by
Guest_HelpSpa_*
, May 27 2012 07:38 AM
backup buddy
2 replies to this topic
#2
Jeremy Trask
-
- Moderators
- Others: All Plugins, Builder, Members, Toolkit
-
- 7,094 posts
Moderator
Posted 28 May 2012 - 07:57 AM
Hi HelpSpa
Thanks for your enquiry concerning BackupBuddy.
1) yes, for Dropbox you can specify a directory for a destination and for S3 you can specify a bucket and a "directory" (of course it isn't actually a directory in the real sense but can be considered as such). Also a site can have multiple destinations defined of the same and/or different types.
2) For Dropbox each site should be separately authenticated with Dropbox and each site stores the necessary authentication tokens and not the login credentials. Please consider though that Dropbox is inherently a "single-user" solution so there are no security measures (that I know of) that enable you to "ring-fence" particular directories. Having authenticated access to the Dropbox account storage means that a "curious" client could in theory try and access directories other than that initially configured (this isn't anything to do with BackupBuddy but merely the way Dropbox access works).
For the kind of application you are describing I would suggest that S3 would be a better choice as you can use the IAM dashboard to create specific client identities and access credentials and then create client specific S3 buckets (and directories therein as required) with user and/or bucket policies to control what each specific identity can access and you can also rescind the access credentials at any time. This approach means that your main login credentials for the S3 account are _never_ revealed and you retain much more control over each client and their backup storage. You will be able to get more information about IAM, user policies, etc. from AWS documentation and the BackupBuddy forum is there for you to get additional BackupBuddy specific advice.
Regards...jeremy
Thanks for your enquiry concerning BackupBuddy.
1) yes, for Dropbox you can specify a directory for a destination and for S3 you can specify a bucket and a "directory" (of course it isn't actually a directory in the real sense but can be considered as such). Also a site can have multiple destinations defined of the same and/or different types.
2) For Dropbox each site should be separately authenticated with Dropbox and each site stores the necessary authentication tokens and not the login credentials. Please consider though that Dropbox is inherently a "single-user" solution so there are no security measures (that I know of) that enable you to "ring-fence" particular directories. Having authenticated access to the Dropbox account storage means that a "curious" client could in theory try and access directories other than that initially configured (this isn't anything to do with BackupBuddy but merely the way Dropbox access works).
For the kind of application you are describing I would suggest that S3 would be a better choice as you can use the IAM dashboard to create specific client identities and access credentials and then create client specific S3 buckets (and directories therein as required) with user and/or bucket policies to control what each specific identity can access and you can also rescind the access credentials at any time. This approach means that your main login credentials for the S3 account are _never_ revealed and you retain much more control over each client and their backup storage. You will be able to get more information about IAM, user policies, etc. from AWS documentation and the BackupBuddy forum is there for you to get additional BackupBuddy specific advice.
Regards...jeremy
"Everything will be all right in the end. If it isn't all right yet then it isn't the end."
#3 Guest_HelpSpa_*
Guest_HelpSpa_*
-
- Guests
Posted 29 May 2012 - 11:28 PM
Thanks for the very detailed response. I'm in the process of trying to find that "WoirdPress backup solution for firms managing multiple clients without worrying about gaping security holes" problem and your insight is helpful. I will check out AWS docs as you suggested and then see how this all integrates with backupbuddy.
Reply to this Topic
ATTENTION
If this topic is marked RESOLVED or INFORMATION, or if you are NOT experiencing EXACTLY the same issue, please start a new topic to provide the details of your problem. If the solution provided doesn't work for you, you should start a new topic. If you feel this thread contains relevant information, you may include a link to it in your new topic. To ensure that we can process your support request efficiently, ALWAYS include a link to your site, and/or the page your request is related to. When posting your question or request on the forum, please be as concise and specific as possible. The shorter and more to the point you can make your request, the better.
For BackupBuddy related issues, be sure to include the status log from your most recent backup.
CLICK HERE to start a new topic in the Pre-sales and other inquiries forum.
Also tagged with one or more of these keywords: information, backup buddy
information
Public →
Pre-sales and other inquiries →
Legal InvoiceStarted by sylvie , 01 May 2013  invoice
|
|
|
||
Public →
Pre-sales and other inquiries →
Security Related QuestionStarted by Guest_Shawn_* , 15 Apr 2013 backup buddy
|
|
|
||
information
Public →
Pre-sales and other inquiries →
Some Questions Before Clicking 'purchase'Started by Guest_Joe Eglash_* , 05 Mar 2013 |
|
|
||
information
Public →
Pre-sales and other inquiries →
Best Theme For Wp E-Commerce?Started by Guest_James Brown_* , 04 Mar 2013 |
|
|
||
information
Public →
Pre-sales and other inquiries →
Back Up Buddy An Hosting OptionsStarted by Sanch , 18 Feb 2013 back up buddy, hosting
|
|
|
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
