xrg wrote:
1. Just anybody running anything on your server could have the ability to issue shell commands and then read the cmdline. (I'm not sure about the security of env vars, either). Which means, that, once they issue a 'ps -ef' at your system, they have your password!
If you just trust all local users, is more secure: because the password will remain secret.
2. pg_dump was intentionally designed to not take the password like that.
3. the apache user is the most exposed one. Just any vulnerablity at a web application could let them also penetrate in a2billing.
4. Your idea about the cronjob is what I meant. That is the best one. I would also encrypt the db file before sending it. Naming the backups after their date, is also easy and will let you have a history (in case data gets damaged).
5. Note that apache still has access to a2billing whatsoever. *all* your webapps running there have to be secure, otherwise you're compromizing the call data[1].
[1] in most countries it is a crime to publish call data. It is not just any business data.
Wow good one....ALL very valid points
Unfortunately.....i think this post will go WAAAAY over the heads of most users here haha....