[Dirvish] pushing backups
mateusz at bellsouth.net
Tue Oct 11 09:56:55 PDT 2005
I was just wondering, would it be possible to make the clients initiate
the rsync sessions instead of my backup server ?
Then i could possibly have local root rsync to backup server where it
doesn't have to have full root access (possibly).
I am just concerned that if somebody hacks my backup server somehow they
can use that machine to easily access all the other machines that backup
to it because they will accept ssh root sessions from it.
Ie. it becomes a single point of failure.
I would think that pushing the backups would make it harder for the
above scenario to happen.
Yes, the backup server should be on the private network not accessible
from the internet, but still it needs to talk to the other machines so
somebody could in theory hack the client, then get access (hack) to the
backup machine, and hit all the other clients from it....
More information about the Dirvish