Quoting Thomas Hochstein ([EMAIL PROTECTED]): > That is not a good idea in a typical hosting environment; if you push > your backup and the machine to be backupped is compromised, the > attacker has access to your backups too because the automatic backup > process has to have the necessary credentials (unless you want to type > in the credentials every hour/day/week by hand, which is not very > feasible).
Remedy: If backups are set up cleverly using SSH public keypairs, all the intruder can do is re-run the backup job. (You would therefore want to have backups land on a dedicated filesystem, on the backup target host.) Details: "SSH Public-key Process" on http://linuxmafia.com/kb/Security/ -- Cheers, Rick Moen "Anger makes dull men witty, but it keeps them poor." [EMAIL PROTECTED] -- Elizabeth Tudor -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
