New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
secure repo password change #3823
Comments
When a repository is opened, the repository password is stored locally so that there is no need to ask for it every time Kopia has to perform a task, therefore, anyone who has access to the computer will be able to see it. That said, what is the need to ask for a password that is already available locally? It seems to me that a validation that the password is not repeated would only be beneficial to prevent Kopia from making unnecessary changes to the repository (since the password is the same). I don't know if this is already implemented. From a security point of view I don't see any benefit in this validation. |
I understand your objection. Or (and now it goes into the Kopia architecture, which I may not know very well) I can do an initial or regular offsite backup of these two files kopia.blogcfg and kopia.repository We can of course discuss the probability of the scenario occurring. But maybe I'm missing something; therefore the discussion also increases understanding. |
The repo password is currently changeable without having to confirm the action with the existing password. The new password also does not have to be repeated. Kopia is still a great backup software, but unfortunately this fact breaks the ObjectLock feature.
After this fix: The password should neither be readable from memory nor compromised by an older Kopia version. I would be very happy about this big piece of more security. I would like to take this opportunity to praise the project and thank the community.
The text was updated successfully, but these errors were encountered: