Security models
---------------
(Note that communications between burp clients and servers always use SSL, so
that the network connections are encrypted. The SSL certificates give you some
assurance that you are speaking to the correct peer. The following is mostly
talking about the data that ends up written on disks.)
Burp is designed with two different security models in mind.
Untrustworthy server
--------------------
You are a client, and you don't trust the server.
* You must encrypt your data, using the client-side data encryption option,
which is 'encryption_password=[password]'. If you lose the password, you
will not be able to get your data back. Note that path names are not
encrypted, and turning on client encryption means that you cannot do
network librsync deltas.
(If you do not encrypt your data, be aware that it can be read and copied
by anybody that can read the server filesystem).
* You must not set the autoupgrade options in the client burp.conf.
* You must set 'server_can_restore=0' in the client burp.conf to prevent
server initiated restores.
* You must set 'server_can_override_includes=0' in the client burp.conf to
prevent the server from being able to backup files you do not want it to
access.
Untrustworthy users
-------------------
You are a site administrator with a burp server and several clients, you don't
trust your users. You have the ability to turn off various client abilities by
editing the server configuration:
* client_can_delete=0
* client_can_diff=0
* client_can_force_backup=0
* client_can_list=0
* client_can_monitor=0
* client_can_restore=0
* client_can_verify=0
|