Backup Buddy For Client Installs And Securitybackup buddy
Posted 27 May 2012 - 07:38 AM
Regarding the developer license for BackupBuddy, for an implementation where a developement firm would delpoy backup buddy on multiple client websites:
1) it is possible to specify wihch directory in dropbox (or amazon s3) that the client 's data would go to (e.g. client 1 data goes to dropbox/client_1 and client 2 data goes to dropbox/client_2?
2) assuimg the client sites are backed up to the firm's dropbox account, in doing this, would the firm's dropbox credentials be accessbile on the client installation? For exampe, if the client logs in to simply add a post to their wordpress site, and then gets curious and browses to the backup buddy plugin area, would they be able to get the credentials for the firm's dropbox account?
Thank you for your time!
Posted 28 May 2012 - 07:57 AM
Thanks for your enquiry concerning BackupBuddy.
1) yes, for Dropbox you can specify a directory for a destination and for S3 you can specify a bucket and a "directory" (of course it isn't actually a directory in the real sense but can be considered as such). Also a site can have multiple destinations defined of the same and/or different types.
2) For Dropbox each site should be separately authenticated with Dropbox and each site stores the necessary authentication tokens and not the login credentials. Please consider though that Dropbox is inherently a "single-user" solution so there are no security measures (that I know of) that enable you to "ring-fence" particular directories. Having authenticated access to the Dropbox account storage means that a "curious" client could in theory try and access directories other than that initially configured (this isn't anything to do with BackupBuddy but merely the way Dropbox access works).
For the kind of application you are describing I would suggest that S3 would be a better choice as you can use the IAM dashboard to create specific client identities and access credentials and then create client specific S3 buckets (and directories therein as required) with user and/or bucket policies to control what each specific identity can access and you can also rescind the access credentials at any time. This approach means that your main login credentials for the S3 account are _never_ revealed and you retain much more control over each client and their backup storage. You will be able to get more information about IAM, user policies, etc. from AWS documentation and the BackupBuddy forum is there for you to get additional BackupBuddy specific advice.
"Everything will be all right in the end. If it isn't all right yet then it isn't the end."
Posted 29 May 2012 - 11:28 PM