Support

Akeeba Backup for Joomla!

#8990 Table view rule in database not working anymore after restore

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Backup version
n/a

Latest post by nicholas on Friday, 12 August 2011 17:28 CDT

Monday, 08 August 2011 12:39 CDT

Michel Kant
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the forum before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (1.6.6)
PHP version: (5.2.17)
MySQL version: (5.1.54)
Host: (optional, but it helps us help you)
Akeeba Backup version: (3.3.2)

EXTREMELY IMPORTANT: Please attach your Akeeba Backup log file in order for us to help you with any backup or restoration issue.

Description of my issue:

Hello all,

Yesterday I tried to update Community Builder from 1.4 to 1.7
After update I lost all menu’s in administrator panel.
Gladly enough I created a backup first with Akeeba backup Pro.
Only, I was not able to restore with the backup I created and I was not able to go to the restore point Akeeba backup created. (Simply, there were no Administrator menu’s available.)

So I installed Akeeba Backup on a other domain, make a backup of this domain, and this way I was able to see all url’s I need to execute. I figure out the ID of the latest backup in mysql database. And I was able to execute the backup.
Maybe it is a tip to show Backup ID from admin panel.. Anyway.

Site was up and running in minutes. Only….

I have 2 joomla installations One in root, and one in sub directory. Both use the same mysql database with its own database prefix.
I created in mysql DB for the users tables, community builder tables and for the uddeim tables a view. (root contains all data, subdir = forum gets the data from root)

Example:
I drop the user tables in database with the forum prefix
And I created a view for the forum user tabels, these tables get the data from the tables with the jos prefix.
After restoring the site, these rules did not work anymore.
First, when visitor was logged in on root, visitor was also logged in on forum. After restore visitor needs to login again when switching from root to forum and from forum to root.

Is this a known problem? Or is it me did something wrong?

Thank you and regards.

Monday, 08 August 2011 12:54 CDT

nicholas
OK, let's see, two things here.

First, the backups are always stored as archive files in your backup output directory (by default administrator/components/com_akeeba/backup). The basic premise of backups is that you can restore them even if your whole site has crashed in flames. It's very easy! Just copy the latest backup archive -tip: look at the file creation date- to your site's root, put kickstart.php in there and simply follow the instructions in the video tutorial.

Now, the other problem is with the databases. Since both sites store their data inside the same database with different prefixes, you have a slight problem: Akeeba Backup backs up the entire database unless you tell it differently, including the other site's tables. Just go to each site, use the Database Table Exclusion feature to exclude the other site's tables. Tip: you can click on the "Excluded non-core tables" button to have Akeeba Backup do that automatically. It takes a while (about 2 minutes), but it works just fine. Just remember to do that again when you install new software on the other site and you'll be just fine!

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 08 August 2011 13:20 CDT

Michel Kant
Hi Nicholas,

Thank you for the great support.
I am installing Akeeba back up in subdir as we speak.
I will exclude the tables from each other.
Only one thing.. I also have PHPLD installed in a subdir. Is it wise to exclude these tables too?
Thank you for the Kickstart tip.
I will use it next time I need it.
Kind Regards,

Michel

Monday, 08 August 2011 13:22 CDT

nicholas
Yes, you have to exclude its database tables and its directory from the backup.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 08 August 2011 13:32 CDT

Michel Kant
Okay..

Just exclude it.

Thank you....

Friday, 12 August 2011 05:44 CDT

Michel Kant
Hi Nicholas,

After some sweaty hours to find out why automatic login between different Joomla installations did not work anymore after restore, I finally find out what was wrong in the total setup.

The Akeeba restore process changed the Secret Key in configuration file. To work with multiple Joomla installations and to create a one time login for all installations, the secret key has to be the same.

If I choose for not embed the installer in the restoration file, I create a backup file with no installer.. Right? So this way, Akeeba create a backup file and after restore all files are original. Right?
I hope so…

Kind regards

Michel

Friday, 12 August 2011 06:28 CDT

nicholas
Hello Michel,

No, this is not true. Every time you restore a site, the new configuration.php file is written to disk at the end of the restoration. As a good security measure, the secret key is always overwritten with a new, random one. You have to manually edit it and replace the secret key with one of your liking for the single login to work.

IMHO, a login solution which is based on the secret key of all sites being the same can seriously compromise your security. I understand why this requirement exists (the login cookie uses the secret key to encrypt authentication information) but I can not endorse it as a secure way to handle single sign on in Joomla!. In the lack of a better solution, you can still use it but be aware that it's not a perfect solution.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 12 August 2011 11:43 CDT

Michel Kant
Okay,

Now I understand why the process create new secret key’s.
I did not know it is a security issue using the same secret key’s.
So I placed both configuration files outside the public html folder.
Hopefully this is a better solution.

Friday, 12 August 2011 13:18 CDT

nicholas
Relocating the configuration.php IMHO offers exactly zero security and degrades your restoration experience (since the original configuration.php can not be backed up, the restored site will have lost all of its configuration.php settings, requiring you to manually reconfigure it after restoration).

The security implication of using the same secret key is that if an attacker intercepts or spoofs a cookie for Site A, then he will be able to use the same cookie for sites B, C and D as long as all of the sites share the same secret key. This can lead to a situation where Site A has exactly one exploitable vulnerability (e.g. in a component used only on Site A), sites B, C and D do not share this vulnerability, yet they are all compromised. If the attacker is wise enough not to touch site A, therefore not alerting you of the vulnerability he exploited, he will throw you to a witch hunt when trying to unhack sites B, C and D. He will be apparently able to login to those sites as if an act of magic, without any trace of vulnerability, misleading you into believing that Joomla! is insecure, whereas the truth is that you have an insecure component in the only site it wasn't attacked. In order to avoid this "black magic" race condition it is advisable to use a different secret key on each and every of your sites. Of course, that is incompatible with the single sign on feature as currently implemented on your sites.

In theory, single sign on should be performed in a quite different way. Ideally, upon signup, the authorising site could open hidden IFRAMEs to the other sites participating in the SSO (Single Sign On) scheme, with a cryptographically secured body containing the login credentials. This would allow the other participating sites to install their own cookies on the user's browser. While this doesn't absolutely shield you from the "black magic" race condition, a single captured cookie (e.g. of Site A) would not compromise the other participating sites. Of course, as is the case with singular authentication credentials shared between different sites, if an attacker manages to get hold of the username and password of a legitimate user, all bets are off; he would still be able to infiltrate all participating sites. However, the latter issue is inherent to any SSO scheme and is the security tradeoff for the convenience measure that SSO constitutes.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 12 August 2011 16:41 CDT

Michel Kant
Hmmm. Your explanation is very clear.

Maybe it’s wise to use Admin Tools to protect the website. Just purchased the Pro version.

For me it is no option to create IFrames. Simply because I do not know how to configure these kind of solutions.

It is too bad the site is very slow with Kunena forums component installed next to the other components. This is why I create another Joomla installation to speed up the website.

Friday, 12 August 2011 17:28 CDT

nicholas
Thank you for your subscription!

Yes, in your case you don't have much choice but to endure the existence of two sites, unless you'd like to change your forum component (and have ample disk space). On this site I am using NinjaBoard. It's very fast all by itself, but the latest version has an even better feature. If you have caching turned on, it will pretty much cache everything, even SEF URLs (without even using a SEF component). If you have ample disk space, it will take a heck of a lot of load off your server, guaranteed. And, yes, it does import from Kunena. I'd suggest trying out NinjaBoard on a copy of your site first to make sure it meets your needs and consider making the switch. I've never regretted the switch and Stian, its lead developer, has been the most helpful (and then some!) every time I stumbled on an issue when occasionally using beta releases (the price I pay for using betas on a production site, I know, I know :D)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!