[Box Backup] Backup the backup

Chris Wilson boxbackup@fluffy.co.uk
Tue, 31 Oct 2006 21:06:41 +0000 (GMT) 

Hi Ben,

On Tue, 31 Oct 2006, Ben Summers wrote:

>>  The last part is a little insecure. Any of your customers could set up an 
>>  impostor for another company's server, but they'd still have to persuade 
>>  clients at the other company to connect to their server instead of yours.
>
> Are you sure? Clients and servers use different CAs, so you can't use a 
> client cert to pretend to be a server.

OK, I didn't know that, sorry. But I think my point is still valid. With 
all the servers having certificates signed by the same CA, the client will 
trust any of them equally, right?

> I don't see how two servers makes any difference anyway.

Sorry, I don't understand what you meant by that.

>>  Unless client A (which normally backs up to server B) backs up to the 
>>  secondary server S one day, and then rsync from B overwrites the newly 
>>  backed-up data on S.
>
> Cached data on the client could be a problem. It's not necessarily going to 
> detect it's using a different server.

If it's reconfigured to change the StoreHostname, then it would discard 
cached data, right?

Also, if the secondary server S is not in sync with the primary server B, 
then the client store markers will differ, so next time the client tries 
to connect to the server, it will notice that and discard the cached data, 
right?

The only vulnerability that I can see is when NAT was used to redirect 
from the old server (B) to the new one (S), rather than reconfiguring 
the client to change its StoreHostname.

In that case, the client might not detect that the store host had changed, 
until it detects a local change and decides that it needed to contact the 
server.

So if B dies without syncing its latest changes to S, it will be a while 
before A contacts S, discovers that the client store marker is wrong, and 
resyncs everything.

Cheers, Chris.
-- 
_ ___ __     _
  / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |