Secure backup using MySQL and C#

1

My application is in C# and the database is MySQL. When I do the backup it creates an arquivo.sql. This arquivo.sql can easily be edited in Notepad or any other editor, thus leaving my database quite vulnerable. How can I make it so that nobody edits my database and only the user registered by me on the server can open that backup?

The MySQL backup code I use:

public void Backup(string Caminho) // Backup a MySQL database
{
    string constring = _StringConexao;
    // The backslash must be escaped inside a regular C# string literal
    string CaminhoBackup = Caminho + "\\databases.sql";
    using (MySqlConnection conn = new MySqlConnection(constring))
    {
        using (MySqlCommand cmd = new MySqlCommand())
        {
            using (MySqlBackup mb = new MySqlBackup(cmd))
            {
                cmd.Connection = conn;
                conn.Open();
                mb.ExportToFile(CaminhoBackup);
                conn.Close();
            }
        }
    }
}
    
asked by anonymous 30.01.2015 / 21:15

1 answer

4

Your database will not be vulnerable because of this. The database and this file with its SQL code are different and unrelated things.

Do you want to protect the backup so that no one else touches it? Do not give any user access to it. Do not expose this possibility in the application. This is the right way to do this.

If the database is on a protected server, make the routine that generates the backup file run on this server only. If applicable, schedule a task.

If the database is not on an isolated server without user access, then you are already experiencing much larger problems than protecting the backup.

If you insist on doing the backup on the client, even if it comes from a protected server, does it have other vulnerabilities? It's no use worrying about securing something secondary if the main thing has problems. And it is very common to have problems. Those who are not security experts often overlook several flaws that are not obvious. In general they end up not causing problems if you are in a more controlled (internal) environment.

If you think you still have to do this, you can use the built-in encryption of the class you are using.

using (MySqlConnection conn = new MySqlConnection(connectionString)) {
    using (MySqlCommand cmd = new MySqlCommand()) {
        using (MySqlBackup mb = new MySqlBackup(cmd)) {
            cmd.Connection = conn;
            conn.Open();
            mb.ExportInfo.EnableEncryption = true;
            mb.ExportInfo.EncryptionPassword = "qwerty"; // example password
            mb.ExportToFile(@"C:\backup.sql"); // verbatim string: "\b" would otherwise be a backspace escape
        }
    }
}

See the documentation.

This example also shows the correct way to use the connection. No need to close. It closes by itself.

If someone gets access to the password, and this is easier than it looks, they may have access to the information.

    
30.01.2015 / 21:37
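
An added example, not part of the original answer: it uses the answer's encryption switches but takes the password from the environment instead of a string literal, and writes an HMAC tag beside the file so that an edited backup is detected before a restore. Assumptions: the class is from MySqlBackup.NET, and the names `ProtectedBackup`, `BACKUP_SECRET` and the `.mac` sidecar file are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using MySql.Data.MySqlClient; // assumption: MySqlBackup.NET, whose types share this namespace

public static class ProtectedBackup // hypothetical helper, runs on the server only
{
    // Assumption: the secret is provisioned in the BACKUP_SECRET environment variable.
    static string Secret()
    {
        string s = Environment.GetEnvironmentVariable("BACKUP_SECRET");
        if (string.IsNullOrEmpty(s)) throw new InvalidOperationException("BACKUP_SECRET is not set");
        return s;
    }

    public static void Export(string connectionString, string path)
    {
        using (var conn = new MySqlConnection(connectionString))
        using (var cmd = new MySqlCommand())
        using (var mb = new MySqlBackup(cmd))
        {
            cmd.Connection = conn;
            conn.Open();
            mb.ExportInfo.EnableEncryption = true;        // same switches as the answer
            mb.ExportInfo.EncryptionPassword = Secret();  // no literal left in the assembly
            mb.ExportToFile(path);
        }
        File.WriteAllBytes(path + ".mac", Tag(path));     // sidecar integrity tag
    }

    // Call before restoring: false means the file or its tag was changed.
    public static bool IsUntouched(string path)
    {
        byte[] expected = File.ReadAllBytes(path + ".mac"), actual = Tag(path);
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];              // compare without early exit
        return diff == 0;
    }

    static byte[] Tag(string path)
    {
        // MAC key derived from the secret with PBKDF2; the salt is a fixed, constructed label.
        using (var kdf = new Rfc2898DeriveBytes(Secret(), Encoding.ASCII.GetBytes("backup-mac-v1"), 100000))
        using (var hmac = new HMACSHA256(kdf.GetBytes(32)))
        using (var fs = File.OpenRead(path))
            return hmac.ComputeHash(fs);                  // HMAC-SHA256 over the whole file
    }
}
```

The tag only detects edits made by someone who does not hold the secret, so the secret still has to stay on the protected server.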