Hi,
Nice idea, but just some thoughts:
Olivier Nicole schrieb:
This interface is written in PHP (with a small part in Perl) and
should run on the Amanda server, under the Amanda user and group.
Is it a good idea to let a web based application run with access rights of the
user that collect the data of all my servers? Wouldn't it be better, at least
to set the rights of the files you edit so that the webserver user can only
change them? I think, if the webserver can edit .amandahosts (), a security
whole in your script may allow to add his computer and restore all data. It's
worse enough if only the passwords of the shares are stolen.
Also one point about your documentation:
> Step 4: Turn off the firewall
> In some case, Windows XP will not let you access to your PC with this
> interface. You must turn off your firewall.
Why having a firewall, if users (are told) allways deactivate them on every
problem? Isn't a firewall totaly useless, if it is deactivated (even if only
for a short time)? I think a better hint would be, to ensure, that subnet of
the server or better the backup host itself is only allowed to access the
share. Default for the file shares rule is "current subnet". This is normally
the problem, if the server is in a different subnet and can't access the client.
> Remember to reactivate the firewall when you are done with the configuration
> of the backup.
I guess it is only the connect to the file share that is made, right? Why it's
only neccessary to deaktivate the firewall during the configuration? If the
server can't reach the share because of firewall restrictions, isn't the
problem there on every backup?
Regards
Marc
--
Marc Muehlfeld (Leitung IT)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de
|