Hacker News new | ask | show | jobs
by gcr 3544 days ago
Careful! If someone hacks your server, they now get your Dropbox account.

One alternative is to put these backups into S3 using pre-signed requests rather than Dropbox. An S3 pre-signed request gives permission only to upload files, perhaps only to a certain location in a certain bucket.

It's a bit harder to set up, but the shell script will look almost the same.
1 comments
meowface 3544 days ago
You can actually set up app folders in Dropbox so that a particular API key effectively chroots you to that folder. The attacker would only get the backups.
link
jaffa214525 3544 days ago
Which is literally the worst scenario. An attacker owns your box and now your backups.
link
kornish 3544 days ago
Well, maybe second-worst. The worst would be them getting all your Dropbox files.
link
abrookewood 3544 days ago
No, the worst case is actually losing your data ...
link
usaphp 3542 days ago
But if he already owns your box what prevents him from accessing your data anyway?
link
gcr 3540 days ago
Usually you don't want to give any attackers the ability to destroy all your backups of the server they hacked.

S3's "upload-only" API keys are a solution here: you send the backups into a black hole but the attacker can't delete them.

Looks like Dropbox might not have something like that, giving the attacker read-write access to backups if they can get that API key.

link
chatmasta 3544 days ago
How do you avoid that with any backup service?
link
toomuchtodo 3544 days ago
Push to an S3 bucket with upload only credentials with versioning turned on.

Your master account (or superuser IAM account if you're paranoid) gives you read/write after 2FA login, but you could share your backup creds with the world and never have your backups pulled out or overwritten.

Use S3 lifecycle rules to expire backup objects after x days; data transfer in is free, the operation requests are pennies per thousand, only the bandwidth is expensive (10 cents/GB) to retrieve the backups when you need to perform a restore (even then, still very cheap).

Also, by storing in S3, you can backup and restore from anywhere.

link
TheDong 3544 days ago
Use a pull based one instead of a push based one.

My backup system involves my data storage system reaching out to each machine I want to backup and fetching the data locally.

All I need for that is to put my storage system's public key on the machines, and I'm fine with an attacker getting that.

link