Amazon S3 secret key saved as plain text in database, available in db export by default [#373780]

I was testing the new S3 backup option and while the functionality was flawless I'm concerned with my secret key being saved as plain text in the database. It is critical that I keep this key private, which means that I can't allow users to download their backups if I use S3 as the storage option.

As a potential workaround I tried excluding the table with the data but this doesn't work either as users can choose which tables to download if they are allowed to download their backups. As well, not including this table would mean that restoring from a backup would erase the previous settings.

I could see two options for fixing this:

- Allow the S3 connection information to be stored in code in the same way settings.php contains the database information.
- Use encryption on the password field.

Alternately, I could understand if this is marked as "won't fix" as there is a clear warning that sensitive information could be exposed by using this module.

Comments

Comment #1

ronan commented 15 February 2009 at 02:39

I'm not sure password encryption would help (you'd need to store the key to decrypt the password which sort of defeats the purpose). Storing the key on disk may help mitigate the security issues, which dovetails nicely with #373786: Add option to store backup profiles in code.

I feel like that should be the way to go here, but I'm not going to make it a very high priority since, as you say, there's something inherently dangerous about db backups in the first place.

Ronan