Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-28008

backup_unique_code duplicate

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 1.9.12, 2.0.3
    • Fix Version/s: None
    • Component/s: Backup
    • Labels:
    • Database:
      Any
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE

      Description

      We had in incident occur, where somebody did a backup and restore, and files were included in their destination course that were not in their original source, and were not their files at all.

      We tracked it down, and they came from another course which created a backup at the same time on the system. Doing some research, I can only find that backup_unique_code is set based on time(), and never appears to be validated as unique. Relying on the probability of two backups not happening at the same time seems to be very risky, especially on large/busy Moodle installs.

      If they conflict occurs, it would seem to mean unpredictable backups, and the possibility of file leakage from one party to the other. While very hard to actively exploit, the risk of data leakage seems moderate to high.

        Attachments

          Activity

            People

            Assignee:
            stronk7 Eloy Lafuente (stronk7)
            Reporter:
            emerrill Eric Merrill
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
            Votes:
            22 Vote for this issue
            Watchers:
            8 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: