[wp-testers] About DB Backup

Conrad - Conrad_Vanl conrad_vanl at convandesign.com
Mon Sep 25 22:32:41 GMT 2006 

It seems like we're making a big deal about nothing. If there's a security issue with the DB backup then remove it. If people want it they'll download it. I've never even used the DB backup, I've always just used phpMyAdmin for stuff like that ... it's easier (for me at least). 

I understand the XML export doesn't do all the same stuff and it needs to be improved. But you're having to weigh the price of a major security issue or not include it but having to resort to a third party DB backup like phpMyAdmin.

-----Original Message-----
From: wp-testers-bounces at lists.automattic.com [mailto:wp-testers-bounces at lists.automattic.com] On Behalf Of Ryan Boren
Sent: Monday, September 25, 2006 4:59 PM
To: wp-testers at lists.automattic.com
Subject: Re: [wp-testers] About DB Backup

Ryan Duff wrote:
> Robert Deaton wrote:
>> On 9/25/06, Trevor Turk <trevorturk at yahoo.com> wrote:
>>> I'm still not clear on whether or not the plugin has a security 
>>> vulnerability, <snip>
>> Do you honestly think Matt would just up and lie about a security 
>> issue existing?
>> http://www.google.com/search?q=wordpress+database+backup+plugin+vulne
>> rability
>>
>>
>> Not to say that I think its enough or proper justification for 
>> dropping it entirely, but would Matt lie about it so blatently?
>>
> 
> But that bug report is from back in the middle of August, and a patch 
> was created by Ryan Boren already and noted in the Secunia advisory 
> (http://secunia.com/advisories/21486).

That was the third security fix for wp-db-backup since it was introduced to core.  It is unmaintained, and I'm tired of fielding the email it generates.

> As someone else said, he's replacing it with code that:
> 
> 1. Doesn't do the exact same, export and backup are NOT the same.

The exporter is still being enhanced.  Those who care strongly about the db backup plugin can maintain it.

> 2. Ties into another for-profit service he runs.

Huh?  How is an exporter that is available to all WP blogs a tie in? 
This is a long overdue feature and gives no sustenance to any fanciful conspiracy theories.

Ryan


_______________________________________________
wp-testers mailing list
wp-testers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers

More information about the wp-testers mailing list