Hi, following an import from Kinsta, a backup.sql file gets created; however, it is not removed upon completion?
Hi @dgilfillan, thanks for bringing this up. I’ve noticed this as well and have asked our devs for more clarification as to why it isn’t removed.
It looks like we will start deleting the backup.sql in one of the upcoming updates, @dgilfillan; thank you for reporting this!
Hey,
2 years later, this is still an issue with the latest version of DevKinsta. I just bumped into these mysterious backup.zip files in the public folder of two of the sites we host and found out they were created when I pulled the sites to my local environment.
Both databases have thousands of users with all their metadata, and that info was available to all the world to download in a file with a known name. Am I wrong to say that this is a huge security issue? Not just that the file is left behind, but also the fact that it always has the same name. The naming issue also applies to downloadable backups in Kinsta, {sitename}.zip, but that’s a different story.
I am disappointed.
Hi there!
Hm. We should be removing this file; however, I will point out that we do also have a rule on the server that blocks access to .SQL files on the site (except over SSH/SFTP), so there should not be any security concerns with having that file in the directory in question.
I’ll reach out to our internal teams to see if we can determine why the file wasn’t removed if you can DM me the name of the site in question.