Chapter 9. Securing your Akeeba Solo (Standalone) installation

Access rights

As with every software which can access your site as a whole, Akeeba Solo needs to control who's got access to its backup functionality. The per-user permissions are already covered in the User Manager section of this documentation.

The front-end backup feature is a different story. Since it has to be available to unattended scripts which can't use cookies and interactive user authentication, a different approach was taken. Instead of requiring the user to have logged in with Akeeba Solo it uses a simple "secret word" authentication model. Because this "secret word" is transmitted in clear text we strongly advise against using it over anything else than a local network (for example, an automated tool running on the same host as the web server). If you have to use it over the Internet we strongly advise using a secure protocol connection (HTTPS) with a valid commercially acquired certificate.