Requests | Blesta

Requests

Backups encryption

Alk shared this idea 3 years ago
Under Consideration

Given the personal data that Blesta installations hold, in line with data protection laws, it would be appropriate for the backups feature to have encryption.

Whilst the servers where Blesta are installed are likely to have extra security safeguards in place, the offsite backup locations are less likely to have the same security setups. Additionally, data may be offloaded to a different organisation which can create additional complexity. If the data were packaged encrypted, only the Blesta installation owner would have access to the data, negating any data protection issues with where the data is being offloaded to as part of the backup.

Comments (6)

photo
2

Encrypting a large amount of data on the fly with PHP is not feasible as it's incredibly slow. However, it might be possible to use openssl on the linux system to perform the encryption, prior to securely transferring it to a remote location. I found this article that describes that https://blog.cavebeat.org/2016/02/encrypted-backups-with-secure-mysqldump/

photo
1

Also need ability to delete the backups without having to access through FTP

photo
1

Delete them how?

photo
1

Specifically, via the admin dashboard for the backups.

There should be a list of the backups and the ability to delete them as needed.

An alternative idea is to have a fixed amount of backups that can be created, and for the extra ones to be dynamically , auto-deleted from the server.

photo
1

Oh, I see.. you want to see and delete backups from the UI. Maybe also automatically delete backups older than a certain number of days?

The only problem with being able to delete backups is that if an attacker gained access to your server, they could easily delete backups.

photo
1

If they gained access to the server they could do this with or without the UI .

photo