erikdewildt / django-rotating-backup Goto Github PK

https://github.com/erikdewildt/django-rotating-backup/blob/develop/django_rotating_backup/backup.py#L151

Here, the PostgreSQL password is passed on the command line of the sh command, in order to get it into the environment of pg_dump.

This is a security issue, because command lines of running processes are world-readbale to anyone who has access to the system (regular shell users as well as attackers who get as far as calling ps ax).

Never do this, it is one of the most discouraged anti-patterns. Actually, this is the one reason why the PGPASSWORD environment variable was introduced — to stop people from passing their password on the command-line!

When I try to back up a MySQL database I get this warning logged.
Database 'default' is not supported as the type is 'mysql'

From what I can see in backup.py it seems only SQLite and PostgreSQL are supported.

My backup settings are:

DRB_ENABLE_SQLITE_BACKUP_COPY = False
DRB_ENABLE_DATABASE_DUMPS = True
DRB_ENABLE_MEDIA_BACKUPS = False
DRB_ENABLE_REMOTE_SYNC = False

When I run the backup I get the following error:

Traceback (most recent call last): File "./manage.py", line 15, in <module> execute_from_command_line(sys.argv) File "/Users/user/.virtualenvs/workinghours/lib/python3.7/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line utility.execute() File "/Users/user/.virtualenvs/workinghours/lib/python3.7/site-packages/django/core/management/__init__.py", line 375, in execute self.fetch_command(subcommand).run_from_argv(self.argv) File "/Users/user/.virtualenvs/workinghours/lib/python3.7/site-packages/django/core/management/base.py", line 316, in run_from_argv self.execute(*args, **cmd_options) File "/Users/user/.virtualenvs/workinghours/lib/python3.7/site-packages/django/core/management/base.py", line 353, in execute output = self.handle(*args, **options) File "/Users/user/.virtualenvs/workinghours/lib/python3.7/site-packages/django_rotating_backup/management/commands/create_backup.py", line 13, in handle RotatingBackup().run() File "/Users/user/.virtualenvs/workinghours/lib/python3.7/site-packages/django_rotating_backup/backup.py", line 289, in run backup_file = self.make_media_backup(destination=destination, pattern=hour_pattern) File "/Users/user/.virtualenvs/workinghours/lib/python3.7/site-packages/django_rotating_backup/backup.py", line 187, in make_media_backup backup_file.add(file) File "/Users/user/.virtualenvs/workinghours/lib/python3.7/tarfile.py", line 1949, in add recursive, filter=filter) File "/Users/user/.virtualenvs/workinghours/lib/python3.7/tarfile.py", line 1947, in add for f in sorted(os.listdir(name)): PermissionError: [Errno 13] Permission denied: '/.DocumentRevisions-V100'