Support

Akeeba Backup for Joomla!

#8835 How is Amazon key info saved?

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Backup version
n/a

Latest post by nicholas on Friday, 01 April 2011 09:39 CDT

Thursday, 31 March 2011 15:02 CDT

panchroma
I want to save backups to Amazon S3 for multiple clients.

Technically it's easy for me to backup to our own Amazon account, but is this a bad idea from a security standpoint, because our Amazon keys would be stored where clients could potentially view the details?

Is the best solution to create an Amazon account for each of our clients?

Thanks a lot!

Friday, 01 April 2011 00:35 CDT

nicholas
As you might have guessed, anyone with Configuration access to the site will be able to see the Amazon S3 key. Do note that the information is stored in the database encrypted, so they can't be simply dumped by an attacker, but anyone with access to Akeeba Backup's Configuration page can see them. There are two different workarounds:

1. If you control the sites, you can use the Access Control feature of Akeeba Backup to forbid access to the configuration for everyone except yourself. However, if someone simply creates a new Super Administrator they'll be able to get the Amazon keys.

2. (Recommended). Create a new Amazon AWS user (it's free) and give him write only access to your bucket. You can optionally set up IAM policies like this user did for added security. So, even if someone does get hold of the access keys he will only be able to write to the bucket, not download backup files.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 01 April 2011 05:48 CDT

panchroma
Perfect, thank you!

Friday, 01 April 2011 09:39 CDT

nicholas
You're welcome!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!