  #11  
Old 12-06-2013, 04:50 PM
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134

Quote:
Originally Posted by Digital Jedi View Post
I guess it was useful for downloading individual tables, in addition to the CSV backup. But I don't think I've ever heard of anyone's site being compromised through that specific feature. I mean, once you have admin access, there's better ways into the server.
If you have only adminCP access, not really. It doesn't necessarily follow that those credentials get you into the server too.

I definitely agree with blind-eddie and you that this was a major security flaw in v3.
  #12  
Old 12-06-2013, 05:40 PM
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440

Quote:
Originally Posted by Max Taxable View Post
If you have only adminCP access, not really. It doesn't necessarily follow that those credentials get you into the server too.

I definitely agree with blind-eddie and you that this was a major security flaw in v3.
It would be pretty trivial to re-add the functionality via a creative plugin, or template, or a bit of both. So it all depends on how skilled an admin is and if you're giving them access to stuff like plugins/templates and trust them.

We removed the backup functionality because it was not dependable to create quality backups. Instead of spending additional time improving it, it was removed. We'd recommend that customers use better tools like the raw MySQLdump command line tool, or software designed to do backups like mysqldumper.
3 thanks from:
Max Taxable, ozzy47, Simon Lloyd
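
An added example (not part of the thread and not vBulletin code) of the mysqldump route recommended in the post above: it keeps a dump only if it passes a completeness check, the failure described for the removed AdminCP tool. The function names, file naming and the use of a MySQL option file such as ~/.my.cnf for credentials are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: keep a mysqldump backup only if it is provably complete.
# Assumes MySQL credentials come from an option file (e.g. ~/.my.cnf),
# so no password appears on the command line.

# dump_is_complete FILE.sql.gz
# Succeeds only if the archive is intact and the SQL ends with the
# "-- Dump completed" comment mysqldump writes after the last table.
# (That comment is absent if comments are disabled, e.g. --skip-comments.)
dump_is_complete() {
    local file="$1"
    [ -s "$file" ] || return 1                  # missing or zero bytes
    gzip -t "$file" 2>/dev/null || return 1     # archive cut short
    gzip -dc "$file" | tail -n 5 | grep -q '^-- Dump completed'
}

# backup_forum_db DB_NAME DEST_DIR
# Prints the final path on success; leaves nothing behind on failure.
backup_forum_db() {
    local db="$1" dest="$2" out tmp
    out="$dest/$db-$(date +%Y%m%d-%H%M%S).sql.gz"
    tmp="$out.partial"
    # The dump holds user e-mail addresses and password hashes:
    # create it readable by the owner only.
    ( umask 077; mysqldump "$db" | gzip > "$tmp" )
    # A mysqldump that dies midway still leaves a valid gzip stream, so
    # the trailer check, not the pipeline's exit status, is what counts.
    if dump_is_complete "$tmp"; then
        mv "$tmp" "$out" && printf '%s\n' "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage: ./backup.sh DB_NAME DEST_DIR
if [ "$#" -eq 2 ]; then
    backup_forum_db "$1" "$2"
fi
```
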
  #13  
Old 12-06-2013, 05:47 PM
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134

I'm not a fan of it so I am definitely not calling for it in v4 or v5.
  #14  
Old 12-06-2013, 05:47 PM
tbworld tbworld is offline
 
Join Date: Oct 2008
Posts: 2,126

Thanks @Zachery, for the explanation.
  #15  
Old 12-06-2013, 05:54 PM
Digital Jedi Digital Jedi is offline
 
Join Date: Oct 2006
Location: PopCulturalReferenceLand
Posts: 5,171

Quote:
Originally Posted by Max Taxable View Post
If you have only adminCP access, not really. It doesn't necessarily follow that those credentials get you into the server too.

I definitely agree with blind-eddie and you that this was a major security flaw in v3.
No more or less secure than the ability to run queries from the Admin CP. Come to think of it, that's one of those other ways in.
Thanks from:
Max Taxable
  #16  
Old 12-06-2013, 05:55 PM
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134

Quote:
Originally Posted by Digital Jedi View Post
No more or less secure than the ability to run queries from the Admin CP. Come to think of it, that's one of those other ways in.
Right but, being able to download the tables is unique to v3 and earlier. Plus, the ability to run queries must be permissioned in config file.
  #17  
Old 12-06-2013, 06:00 PM
Digital Jedi Digital Jedi is offline
 
Join Date: Oct 2006
Location: PopCulturalReferenceLand
Posts: 5,171

Quote:
Originally Posted by Max Taxable View Post
Right but, being able to download the tables is unique to v3 and earlier. Plus, the ability to run queries must be permissioned in config file.
It doesn't seem to be something that was ever used, at least not proficiently. And it was in vB 3 as far back as I can remember. I'm not entirely sure it isn't tied to a script permission, but I'd have to check. It just seems like it was so unreliable not even hackers bothered with it.
  #18  
Old 12-06-2013, 06:02 PM
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134

Quote:
Originally Posted by Digital Jedi View Post
It doesn't seem to be something that was ever used, at least not proficiently. And it was in vB 3 as far back as I can remember. I'm not entirely sure it isn't tied to a script permission, but I'd have to check. It just seems like it was so unreliable not even hackers bothered with it.
Or they might not have known about it. It IS an obscure function.
  #19  
Old 12-06-2013, 06:52 PM
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440

Quote:
Originally Posted by Digital Jedi View Post
It doesn't seem to be something that was ever used, at least not proficiently. And it was in vB 3 as far back as I can remember. I'm not entirely sure it isn't tied to a script permission, but I'd have to check. It just seems like it was so unreliable not even hackers bothered with it.
It was used pretty often by some customers, I remember getting complaints about it early on in vB4's life cycle. But honestly, people who used the tool rarely got full backups, which caused more problems.

We removed it for the sake of causing less problems in the long run, IIRC.
  #20  
Old 12-06-2013, 08:18 PM
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929

TBH, on smaller boards, I still use this, https://vborg.vbsupport.ru/showthread.php?t=192488

I had to tweak it a bit to get it to work on vB4 but it does its job.
Thanks from:
Max Taxable