Laravel-backup: **[PROPOSAL]** Encrypting database backups

Created on 26 Oct 2016  路  4Comments  路  Source: spatie/laravel-backup

In raising this issue, I confirm the following (please check boxes):

  • [X] I have read and understood the contributors guide.
  • [X] I have checked the pull requests tab for existing solutions/implementations to my issue/suggestion.
  • [X] I have checked that the bug-fix I am reporting can be replicated.
  • [X] I have sent a postcard of my hometown.

I'm interested in securing the contents of my database backups by encrypting them. I've looked into multiple ways to do this and would like your input on which option(s) you would accept as a pull request:

1) Use password protected zip files
I'm aware that PHP's ZipArchive does not support creating encrypted zip files, and the only way to do such is to make a system call to the 'zip' command. This will require a bunch of if/else statements in SpatieBackupTasksBackupZip, when no password is in play, use PHP's ZipArchive, when a password is in play, call the system 'zip' command. Since a key portion of the security of password protected zip files is the strength of the password, I would also add a minimum-length to the password used to create archives.

2) Encrypt the SQL file before including in manifest
It could either be explicit in BackupJob::dumpDatabases() or it could be an callback in createBackupManifest() that takes and returns (a possibly modified) $databaseDumps. While this is probably the cleanest from the point of view of this package, it isn't optimal for the file itself, because its better to compress then encrypt, rather than encrypt then compress. But it'd still get the job done. For my purposes, encryption is way more important than effective compression. However, this could allow for stronger encryption than Zip files offer.

3) Abstract SpatieBackupTasksBackupZip so I can extend it and bind my class that I implement option 1 in. I would probably abstract BackupJob too in case I needed to extend that class too for currently unforseen reasons.

4) Allow BackupCollection to recognize non-zip files as well. I could trigger my encryption of already compiled zip files on the BackupWasSuccessful event. I'd want to change the file name from, for example, backup20161024.zip to backup20161024.zip.encrypted.

Do any of these approaches seem appealing to you?

Most helpful comment

Actually - since this is a "laravel" package - can we just do this? (semi-pseudocode)

$file = Storage::get('file_about_to_be_saved');
if (config('encrypt')) {
    Storage::put('encrypted_file', Crypt::encrypt($file));
}

As per https://laravel.com/docs/5.3/encryption

Then just have an encrypt config value in the package.

So you wouldnt need to 'support' encryption - Laravel already does it?

All 4 comments

Hi,

thank you for describing your suggestions in such detail.

I'd like to keep this package as simple and generic as possible. Encrypting is something I don't want to maintain.

The simplest thing to could be done to support your use case is to just manipulate the manifest. Currently files can only be added to the manifest. If it were to have some more functions such as search and remove it would be a lot more powerful. You could search the dumped version of the db, adding a encrypted copy of the file, and/or optionally removing the encrypted db dump.

I would certainly accept a fully tested PR that adds search and removal capabilities to the manifest.

I just came here looking for this exact same functionality. One of the common database security methods is "keep data secure at rest". It is a top 10 for OWASP: https://www.owasp.org/index.php/Top_10_2010-A7

Personally think this would be a really good default to be in this package. It helps promote and secure all the applications using it.

Actually - since this is a "laravel" package - can we just do this? (semi-pseudocode)

$file = Storage::get('file_about_to_be_saved');
if (config('encrypt')) {
    Storage::put('encrypted_file', Crypt::encrypt($file));
}

As per https://laravel.com/docs/5.3/encryption

Then just have an encrypt config value in the package.

So you wouldnt need to 'support' encryption - Laravel already does it?

See #307

Was this page helpful?
0 / 5 - 0 ratings

Related issues

itzikbenh picture itzikbenh  路  3Comments

andaril picture andaril  路  3Comments

sherwinmartin picture sherwinmartin  路  5Comments

rylxes picture rylxes  路  5Comments

spaceemotion picture spaceemotion  路  3Comments