Le 2013-07-01 17:07, Martin Simmons a écrit : >> It can be secured via ACL too. >> You can manage what a client has access to. >> >> And so, ensure no critical data pieces can be stolen through that >> way. > > Yes, that works as long as the Director is secure -- otherwise the > attacker > can just write their own ACL. > > __Martin
Hello, Obviously, if you can't trust your director anymore, you can consider all your clients AND YOUR DATA PIECES are not safe anymore. So, to harden the infrastructure : - secure the director at any cost - secure the console access from clients (FD) (ACL, or easiest, no console access) To speak about storage daemon, you have to be sure that even in the case data files could be retrieved, nobody will be able to read them. That means that if you are paranoïd, your tapes (physical or virtual) have to be crypted. HTH. Jerome Blion ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
