MyBB Community Forums

Full Version: Restore backups in ACP - Why not?
I must have read it somewhere in this forum--can't remember when and where--that restoring the db as a function is not supported in mybb for security reasons. Does anybody know what those 'security reasons' are?

The reason why I'm asking is because I believe that restoring backups is a pain in the neck for those who are not familiar with phpMyAdmin, cPanel or SQL commands, and it would be far easier for them to restore their backups from the ACP, which already performs amazingly fast backups.

I never had a problem myself with the backup or restoring of dbs but I'm just curious to know WHY?! :(

Any reply will be highly appreciated
My guess is that with security, some admin, who you wouldn't want, could upload their own DB and stuff things up.
But then, I wouldn't be giving out access to the DB management section to those admins, unless I wanted them to perform backups for me.

Another possible issue is bugs, though I generally haven't encountered any (I recently did get a memory error trying to backup the DB via the AdminCP - I guess it's a MySQL configuration issue though).



Apart from that, I think it's an excellent idea. :)
ZiNga BuRgA Wrote:My guess is that with security, some admin, who you wouldn't want, could upload their own DB and stuff things up.
But then, I wouldn't be giving out access to the DB management section to those admins, unless I wanted them to perform backups for me.

Another possible issue is bugs, though I generally haven't encountered any (I recently did get a memory error trying to backup the DB via the AdminCP - I guess it's a MySQL configuration issue though).


Apart from that, I think it's an excellent idea. :)

Thanks ZiNga BuRgA for your attempt to justify the lack of a restore tool in the ACP; but I believe this has nothing to do with admins' misuse of their roles (an admin, by definition, is a trustworthy person). Moreover, memory errors are usually related to the server or to the max_execution_time in the php.ini and not to mybb.

I'm sure there is more to it than just those issues.

Regards
Security.
Tikitiki Wrote:Security.

That is precisely what I need to understand, my dear TikiTiki. MyBB must have its own definition of the term "security". If the backup module is already incorporated into mybb, then why isn't the restore feature part of the same "gift"? I believe that admins are wise enough not to hack their own backups. :P
But what if an admin's account were to get hacked? Then the offender could restore a really old backup and possibly delete the other ones.

It was cumulatively agreed by the Development staff to not add this functionality, because of the possible Security Threats it presented.
Security issue.

Why?

1 - If we allow users to upload their own backup files & a malicious user gains access to the Admin CP they can upload all sorts of funny things - delete/drop tables, delete data & modify it on a large scale.

2 - If we allow users to restore backups from the admin/backups directory, a malicious user could perform a restore of a database 1 year old - thus overriding all of the newer content.
Thanks Ryan and Chris for your replies. There is a great logic, of course, in what you are saying; but I was just wondering about the possibility of something like this:

[Image: restore.jpg]

followed by this:

[Image: code.jpg]

Or can this also be hacked? You know better of course.
Of course it could be hacked. If they can get into your account then what makes you think they won't be able to get into your security code?

Putting in "restore backups" would render the "Super Admin" functionality useless. Someone could simply "restore" the users table with their own account information in place of the super admin. With the super admin functionality there is always a way to save your forum from complete lock out. If we implemented the restore backups feature, there's always the chance it could get hacked.
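Added example (not part of the thread and not MyBB code): a pre-restore audit that flags the risks raised in the posts above, namely a dump that drops tables, a dump that rewrites the users table, and a dump far older than the newest backup. The `mybb_` prefix, the protected table names, the one-day rollback limit and the sample dump are assumptions constructed for the illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed table names (default-style "mybb_" prefix); adjust for a real install.
PROTECTED_TABLES = {"mybb_users", "mybb_adminoptions"}

# Line-based heuristic: a statement verb at the start of a line, then a table name.
STATEMENT = re.compile(
    r"^[ \t]*(DROP\s+TABLE(?:\s+IF\s+EXISTS)?|TRUNCATE(?:\s+TABLE)?|DELETE\s+FROM"
    r"|INSERT\s+INTO|REPLACE\s+INTO|UPDATE|CREATE\s+TABLE(?:\s+IF\s+NOT\s+EXISTS)?)"
    r"\s+`?(\w+)`?",
    re.IGNORECASE | re.MULTILINE,
)

def audit_dump(sql_text, dump_time, newest_backup_time,
               max_rollback=timedelta(days=1)):
    """Return (reason, detail) findings for a dump offered for restore."""
    findings = []
    age_gap = newest_backup_time - dump_time
    if age_gap > max_rollback:
        # Restoring this dump would overwrite newer content.
        findings.append(("stale", f"{age_gap.days} days older than newest backup"))
    for m in STATEMENT.finditer(sql_text):
        verb = " ".join(m.group(1).upper().split())
        table = m.group(2).lower()
        if table in PROTECTED_TABLES:
            # Any write here can replace admin accounts.
            findings.append(("credentials", f"{verb} {table}"))
        elif verb.startswith(("DROP", "TRUNCATE", "DELETE")):
            findings.append(("destructive", f"{verb} {table}"))
    return findings

# Constructed sample dump, not a real backup.
SAMPLE_DUMP = """-- constructed sample
DROP TABLE IF EXISTS `mybb_posts`;
CREATE TABLE `mybb_posts` (pid int);
INSERT INTO `mybb_posts` VALUES (1);
INSERT INTO `mybb_users` (uid, username) VALUES (1, 'someone');
"""

if __name__ == "__main__":
    for reason, detail in audit_dump(SAMPLE_DUMP, datetime(2006, 1, 1),
                                     datetime(2007, 1, 1)):
        print(reason, "-", detail)
```

Every full backup contains the users table, so the `credentials` finding fires on legitimate full restores as well. The audit can surface the risk for a second approver, but it cannot tell a genuine restore from an account takeover.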
Tikitiki Wrote:Of course it could be hacked. If they can get into your account then what makes you think they won't be able to get into your security code?

OK. I must give in then. :P