Hy, i tried this great program urbackup 1.2.2 - it works for me - but what i did not understand is that why there is no security for the restore process?
For me it looks like that everybody in the same subnet is able to restore everything with the bootcd - so if you backed up for example 5 clients - somebody is able to acces the HDD images from every single PC - i can’t believe that this is by design - can anybody help ? perhaps i must do some settings on the server ??
Kind regards werner
Sorry, currently that is the case (for historical reasons). Now that someone complained, I’ll have to add a user authentication for that part as well (Issue US-13).
I think for the first implementation it is enough to protect the backups with a master password - perhaps it is possible in the future that a muliple user authentication with ldap connectivity can be implemented.
Perhaps it is also possible to group computers for different accounts - so somebody can restore 5 pc out of 100 and other presons can restore 100 out of 100 and so on.
Keep up your great work !
PS: for me it maybe works when place the Urbackup Server behind a firewall and backup the clients only in Internet Mode - so nobody can access the subnet behind the firewall
I’ll just have to add a new right to the (rather rudimentary) rights system. This would cover the cases where you set up one user to be able to restore all images or only images of certain clients.
Internet mode will help. If you don’t trust the local network you should use it anyways, as otherwise the connection is not encrypted. It’s quite easy to capture unencrypted traffic on local networks (e.g. via ARP spoofing).
Do anybody know when the Password protection will be implemented ? -If the password protection is working then the program is is much more usable in my enviroment.
Kind regards
I just added it to 1.3. It’s here if you want to test: http://sourceforge.net/projects/urbackup/files/WorkInProgress/