Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 1.9.12, 2.0.3
    • Fix Version/s: None
    • Component/s: Backup
    • Labels:
    • Database:
      Any
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE

      Description

      We had in incident occur, where somebody did a backup and restore, and files were included in their destination course that were not in their original source, and were not their files at all.

      We tracked it down, and they came from another course which created a backup at the same time on the system. Doing some research, I can only find that backup_unique_code is set based on time(), and never appears to be validated as unique. Relying on the probability of two backups not happening at the same time seems to be very risky, especially on large/busy Moodle installs.

      If they conflict occurs, it would seem to mean unpredictable backups, and the possibility of file leakage from one party to the other. While very hard to actively exploit, the risk of data leakage seems moderate to high.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                22 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: