Remote Backup via SSL and with encrypted archives [Case 55650]

[cPanelDavidG]

Who has access to the backup file that it needs pass protected?

I believe this is an important question that needs to be answered.

On a related note, I have merged this thread into another thread whose remaining item that has not been forked off into a separate thread includes password-protected backups.

[lorio]

I believe this is an important question that needs to be answered.

Why should a password in a forum be hashed instead of being written in plain text?
Because sometimes you got hacked. And a backupserver can be hacked too.

We can talk about the concept how to allow different people to access backups and what kind of encryption
(asymetric vs. symetric) should be used.

Different backup concepts will not allow you to encrypt a whole archive. We might think about encrypting every single file or
make encrypting optional. There is always a tradeoff. I wonder why this thread is so old and still no encrypted transfer for backups is available out of the box. I think for developers the backup routines are an area where you only can loose ;-) You will be blamed for everything and nobody is thankful. No bells and whistles. The value proposition "Our backups really work" is seldom used in marketing. I have sympathy for the developers.

[cPanelDavidG]

Why should a password in a forum be hashed instead of being written in plain text?
Because sometimes you got hacked. And a backupserver can be hacked too.

We can talk about the concept how to allow different people to access backups and what kind of encryption
(asymetric vs. symetric) should be used.

Different backup concepts will not allow you to encrypt a whole archive. We might think about encrypting every single file or
make encrypting optional. There is always a tradeoff. I wonder why this thread is so old and still no encrypted transfer for backups is available out of the box. I think for developers the backup routines are an area where you only can loose ;-) You will be blamed for everything and nobody is thankful. No bells and whistles. The value proposition "Our backups really work" is seldom used in marketing. I have sympathy for the developers.

Thanks, I believe your reasoning is sound. I'll bring this up in the next meeting I have with our Product Manager.

[cPanelDavidG]

I spoke with our product manager about this. We are planning an overhaul of our backup system for version 11.34. Part of this is to have a pluggable system so you can control where backups are stored and transmitted and a few of the "backup plugins" that will ship include transmission over FTP, SFTP and SCP and of course local backups.

In the interim, with 11.31/11.32's new Standard Hooks system, you can hook the event that happens when backups are all done being transmitted and enter your own code to handle the encryption. Just remember not to store the encryption/decryption keys on that same remote server if you want the encryption to curb people from accessing the data within the backups. Documentation on this new hook is available at:

Package Account Functions | Standardized Hooks

[cPanelDavidG]

While we do not yet support this - with version 11.31 we did introduce hooks to allow you to set up encryption. Basically, after all the accounts of all the backups made are transferred to a remote server, you can trigger this hook and insert code to do the encryption you desire. Here's the documentation on this hook, part of our new Standard Hooks system:

Package Account Functions | Standardized Hooks

Just remember to not store the encryption/decryption keys on that same remote server, otherwise it might as well not be encrypted. Also, be mindful that this still presents a window where the data is stored remotely unencrypted.


In the medium-term, we are going to create a pluggable backups system which will natively come with the ability to transfer over SFTP and SCP, allowing you to have encryption while the data is being transmitted over the network.