[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bacula-devel] Bacula and security.

On Mar 17, 2008, at 5:31 PM, Sebastian Petruczynik wrote:

> Hello!
> I have the question to you in relation to the security.
> Let us assume the hypothetical situation that somebody is breaking  
> into
> to the workstation on which the backup is being done.
> There is a configuration file of the bacula client in which the  
> password
> of the bacula storage is there after all.

This is incorrect.

The password on a bacula client is for bacula-fd.  It is used by
bacula-dir to contact the bacula-fd.

I think this renders the rest of the questions moot.

> Whether if somebody installed the bacula director on this station,
> could he this way configure the whole in order to recover the  
> backup on
> the other workstation,
> on which the backup is also being done?
> Or if I am using TLS encoding and the hacker could not install the
> director (because there is no signed certificate)
> whether could having the certificate in the customer somehow or  
> other to
> control the bacula storage?
> I mean uncovering the communications protocol out between the bacula
> client and the bacula storage here.

Dan Langille -- http://www.langille.org/

This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
Bacula-devel mailing list

This mailing list archive is a service of Copilotco.