Web config backups created in plain text on UNC path prior to being zipped

Resolved Implemented


Currently the observed behavior of the Web Config backup is that all files are copied to a temp folder in the UNC path (which is available to a large audience), then zipped and password protected. This leaves us exposed for the several minutes this process takes, plus malware could be set to monitor for file changes/adds and then shadow copy them elsewhere.

Please update this process to create the ZIP file locally before placing on the UNC share.

Mike Shook (he/him/his) | IT Practice Owner – Cybersecurity and Compliance | http://www.barrettdistribution.com | mshook@barrettdistribution.com | 703.891.4190
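The ordering requested above, sketched as an added example (not part of the original post and not the vendor's code): the archive is built in a private local staging directory, and only the finished file is copied to the share. The function name, archive name and `.partial` suffix are hypothetical, and the password-protection step is left out because Python's standard `zipfile` module cannot write encrypted archives; it would run on the local file before the copy.

```python
import os
import shutil
import tempfile
import zipfile
from pathlib import Path


def backup_config(source_dir, share_dir, archive_name="webconfig-backup.zip"):
    """Zip source_dir locally, then publish only the finished archive to share_dir.

    All names here are hypothetical; share_dir stands in for the UNC path.
    """
    source_dir, share_dir = Path(source_dir), Path(share_dir)

    # Staging lives under the local temp path, never on the share.
    # On POSIX, mkdtemp creates the directory with mode 0700.
    staging = Path(tempfile.mkdtemp(prefix="cfgbak-"))
    try:
        local_zip = staging / archive_name
        with zipfile.ZipFile(local_zip, "w", zipfile.ZIP_DEFLATED) as zf:
            for path in sorted(source_dir.rglob("*")):
                if path.is_file():
                    # Store paths relative to the source root.
                    zf.write(path, path.relative_to(source_dir).as_posix())

        # Assumption: encryption / password protection of local_zip
        # happens here, while the file is still local.

        # Copy under a temporary name, then rename, so readers of the
        # share never see a half-written archive under the final name.
        partial = share_dir / (archive_name + ".partial")
        shutil.copyfile(local_zip, partial)
        final = share_dir / archive_name
        os.replace(partial, final)
        return final
    finally:
        # Remove the plaintext-derived staging copy even on failure.
        shutil.rmtree(staging, ignore_errors=True)
```
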

All Comments (2)


Hello Mike,

Thank you for your request. What you suggest makes sense; I opened a ticket to improve that. Meanwhile, we suggest setting a private folder to do the backup to avoid that. We will post here once we have a fix.

Best regards,

François Dubois


Hello Mike,

A quick follow-up to let you know that release 2024.1 has been released and we improved how we create the backup as discussed previously.

Don't hesitate if you have other questions/comments.

Best regards,

François Dubois