Stored password for FTP credentials is saved as plain text in database. I hope this is not the case for other remote services to copy backups to. Please verify and implement encryption.
[Invalid] Encrypt FTP password in database
1 Comment
Submit a Comment
You must be logged in to post a comment.
This request comes up from time to time, but reflects a faulty understanding of what encryption is and can do. For an unattended backup to a remote FTP server (i.e. one where you’re not present to type in an FTP password in real-time), the back-end has to have access to the password. If this is encrypted somehow, then the back-end has to have access to the decryption key, i.e., makes no difference at all.
If you are concerned about someone having access to your unencrypted database backups, then the solution to that is the feature to encrypt your database backups.
David