[Box Backup] Unencrypted storage?
Fri, 03 Dec 2004 13:42:37 -0500
I currently use an rsync-to-RAID backup system. It is pretty efficient
to do incremental backups by doing a recursive directory tree hard link,
then do rsync with deletion to make separate file data for changed
files. The result is easy browsing of several snapshot states.
Even though box backup is designed around secure storage, I thought it
might be good to have an unencrypted option for a trusted RAID system,
to make file browsing easy.
BUT then I realized: even if you trust the backup server, encrypted data
is much better system. This way, all of the backup tapes/disks do not
contain sensitive data. The only sensitive data is the cert keys. If a
RAID disk dies, you don't have to worry about throwing it away.
SO, if one wants files browsable on the storage server, the best
approach is to keep everything encrypted, but let the server hold a copy
of the client keys.
In fact, a PHP/HTTPS based file browser could require you to send the
client key, and hold it only for the duration of a PHP Session.
Does this sound like a good plan for people with a trusted storage server?