Dropbox Backups isolated?

superjogi
Posts: 181
Joined: Sat 11. Jan 2020, 23:24

Dropbox Backups isolated?

Post by superjogi »

Hi,

Are Dropbox backups isolated?
So if someone had root access to a server, would they be able to read or delete other data on the Dropbox or only the folder from the repository?
In the background I think some type of read/write authkey is saved.
Alexander
Keyweb AG
Posts: 4874
Joined: Wed 20. Jan 2016, 02:23

Re: Dropbox Backups isolated?

Post by Alexander »

All necessary critical data, which has to be decrypted at some point, is AES encrypted. Even if a malicious user has access to the server, he has to encrypt this data first to gain access to Dropbox, which would take millions of years with current hardware.
Mit freundlichen Grüßen / Best regards
Alexander Mahr

**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
superjogi
Posts: 181
Joined: Sat 11. Jan 2020, 23:24

Re: Dropbox Backups isolated?

Post by superjogi »

Thanks for your answer. That is great news for the data in the backup as the assigned password of the repository makes it impossible to decrypt.

But I am thinking about the Dropbox account and the backups and secrets that are there.
The point is we give a Dropbox OAuth key to KeyHelp that allows write, read and delete of the entire Dropbox account. It has to keep that key for all runs in the future and it is stored somewhere.

Now with one compromised server (e.g. rights escalation attack) the hacker could use the OAuth key and read files there (e.g. for passwords, or other) or delete all backups from several servers. It seems that these keys are not tied to specific folders when I read about it in the Dropbox documentation.

But I could be wrong and each key we request from Dropbox is tied to just one Dropbox folder, which would mitigate the issue and the reason why I asked in the first place.
Alexander
Keyweb AG
Posts: 4874
Joined: Wed 20. Jan 2016, 02:23

Re: Dropbox Backups isolated?

Post by Alexander »

> It has to keep that key for all runs in the future and it is stored somewhere.

Like I said, Dropbox account credentials are also stored with AES encryption. So if the database is exposed, a possible hacker would not gain access to the secrets. At least if he did not have a million years of brute-force time.

> It seems that these keys are not tied to specific folders when I read about it in the dropbox documentation.

That is correct. At least I am not aware that you can limit the credentials to a specific folder with Dropbox. Maybe Dropbox offers some kind of subaccounts you can utilize (Family / Business accounts) or just create a separate Dropbox account if you want the extra protection.
Mit freundlichen Grüßen / Best regards
Alexander Mahr
