Uhm, I don't even run ftp on my server. What ftp details am I supposed to enter? I send things to my server via scp.
Then you'll just get an email.
Actually, that reminds me I forgot to add the logAction/emailAdmin to the package manager as well. :-\
I knew I missed something...
Anyway, I guess we can add some "hidden" setting similar to $db_show_debug that, when added to Settings.php, allows disabling the FTP request.
Sorry for the OT, are the backups from ElkArte working well? I remember on SMF it was not indicated to take backups from the admin panel, especially on big forums.
So I just checked, and even though ftp is disabled on my server I can download the database. I'm not sure what problem this is trying to solve. ftp credentials are obviously stored somewhere on the server, just outside the http accessible tree typically. But generally the advice I hear is drop ftp for sftp or scp, so why move elk to be dependent on ftp?
Elk is using the code I wrote for SMF 2.1 (before the code was removed) and it works better than SMF.
The only situation it is likely to provide a broken backup is if the server times out. The code tries to detect any problem with timeouts and even prohibits the download, but it's not always possible.
Did you use the code I pushed to the patch_1-0-2 branch?
This is neither in 1.0, nor in 1.0.1, it will be in 1.0.2.
Let's just imagine the simple one: an admin account is hacked, the hacker can download the database with everything inside.
Not nice.
Or, an admin account is hacked, the hacker uploads a package or edits a theme file with malicious code that allows him to basically do whatever he likes.
Not nice. (And this has already been exploited on sm.org no more than 1 year ago, so it's not theory, but an unpatched vulnerability.)
Asking for an additional user/password pair is just a security measure. Mostly like two-factor authentication.
As I said before, I can't rely on anything that is "available" to ElkArte (the database pwd is stored in plain text in Settings.php, at the moment it's not possible to see the content of Settings.php from within Elk admin panel, but it's not reliable): I can't do a real two-factor authentication (i.e. send a token to the member contact) without having to implement it for changing admin profiles as well (otherwise the hacker could just change the email in the profile), and on any kind of "promotion" to admin (otherwise the hacker could just put another member in an admin or admin-like group).
It is doable, but honestly not at this time, maybe for 1.1 (and I seem to remember @TE already proposed it (two-factor auth for certain operations) a while ago for 1.1).
Mailing admins on editing themes (and, as soon as I get a few minutes, on installing packages as well) is just ... well, a way to tell them the horses have bolted, not a real solution.
Yes, ftp data are written somewhere on the server, though hopefully not in a place that can be changed with a php script. And if we are lucky enough, not in plain text (usually some kind of hash).
I'm just trying to make it more secure (or less insecure provided that the option of removing any "easy spot" like file editing is not an option). ;)
Because it's already there.
In future there is space to use something different. ;)
It just seems there should be another place to get a second password. Why not put a hashed one in the settings file? Or even in the database. Then this secondary password is used to protect changing php files or downloading the database. If they can pull the hashed password out of the database without supplying the password then they can probably pull the whole database anyway. And then you're not dependent on something outside of Elk that is quite likely disabled on more security conscious servers.
https://github.com/elkarte/Elkarte/pull/1889 ;)
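
The secondary-password idea raised in the last posts, sketched as an added example that is not part of the thread, not ElkArte's code and not taken from the linked pull request. The function names, the `$state` array and the constants are all hypothetical, and the hash is assumed to be stored where the admin panel cannot edit it.

```php
<?php
// Hypothetical names throughout; none of this is ElkArte's API.
// The stored hash is assumed to be created once with
// password_hash($secret, PASSWORD_DEFAULT) and kept out of reach of the admin UI.
const ELEVATION_TTL = 300;   // seconds the unlock stays valid
const MAX_FAILURES  = 5;     // failed attempts before lockout
const LOCKOUT_SECS  = 900;   // lockout duration in seconds

/**
 * Check the secondary password and, on success, open a short unlock window.
 * $state is assumed to be per-admin-account state kept server-side, so that
 * failure counts cannot be reset by simply starting a new browser session.
 */
function unlockSensitiveActions(array &$state, string $candidate, string $storedHash, int $now): bool
{
    // While locked out, refuse without evaluating the password at all.
    if (($state['locked_until'] ?? 0) > $now) {
        return false;
    }
    if (!password_verify($candidate, $storedHash)) {
        $state['failures'] = ($state['failures'] ?? 0) + 1;
        if ($state['failures'] >= MAX_FAILURES) {
            $state['locked_until'] = $now + LOCKOUT_SECS;
            $state['failures'] = 0;
        }
        unset($state['elevated_until']);   // a bad attempt also closes any open window
        return false;
    }
    $state['failures'] = 0;
    $state['elevated_until'] = $now + ELEVATION_TTL;
    return true;
}

/** Gate to call before a database download, package install or theme file edit. */
function sensitiveActionAllowed(array $state, int $now): bool
{
    return ($state['elevated_until'] ?? 0) > $now;
}

// Constructed demo values, not real credentials.
$hash  = password_hash('constructed-second-secret', PASSWORD_DEFAULT);
$state = [];
$now   = time();
var_dump(sensitiveActionAllowed($state, $now));                                     // before any unlock
var_dump(unlockSensitiveActions($state, 'wrong guess', $hash, $now));               // failed attempt
var_dump(unlockSensitiveActions($state, 'constructed-second-secret', $hash, $now)); // correct secret
var_dump(sensitiveActionAllowed($state, $now + 60));                                // inside the window
var_dump(sensitiveActionAllowed($state, $now + ELEVATION_TTL + 1));                 // after the window
```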