It’s not safe: While attackers who can communicate with the REST server are unable to decrypt data, they can remove all data stored in the repo, effectively destroying the backup. That’s not a good idea.
Please make sure to set a password or guard access to the REST server via other means.
The password for a repository in restic is used for encrypting and signing the data stored in the repo. Being able to access or remove it is a completely different thing: the repo password does not protect against e.g. files being removed on a remote repository.
The backends used for storage in restic are a bit dumb: They just allow storing, listing, retrieving and deleting files, that’s it. The access control (who is able to store/delete/read/list) must be implemented by the server, separate from restic.
So for the REST server you need to set a password if the service is available to anybody else, otherwise the files can be deleted.
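
A way to audit your own REST server for the condition described above, as an added example that is not part of the original post or of restic: it sends one unauthenticated, read-only `HEAD` request and reports whether the server refuses it. It assumes the repository's config file is reachable at `<repo>/config`, as in restic's REST backend layout; the `_StandIn` server is a constructed stand-in used only to exercise the check locally.

```python
import http.server
import threading
import urllib.error
import urllib.request

# Direct connections only, so a proxy set in the environment cannot answer for the server.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def requires_auth(repo_url, timeout=5):
    """Return True if an unauthenticated HEAD <repo>/config is refused (401/403)."""
    req = urllib.request.Request(repo_url.rstrip("/") + "/config", method="HEAD")
    try:
        _opener.open(req, timeout=timeout).close()
    except urllib.error.HTTPError as err:
        # 401/403: access control is in place. Any other status (e.g. 404)
        # means the server handled the request without credentials.
        return err.code in (401, 403)
    return False  # 2xx without credentials: anyone who can connect has access

class _StandIn(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a REST server; not restic's rest-server."""
    protected = False

    def do_HEAD(self):
        if self.protected and "Authorization" not in self.headers:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="repo"')
        else:
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def _serve(protected):
    handler = type("Handler", (_StandIn,), {"protected": protected})
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():
    """Run the check against an open and a password-protected stand-in."""
    results = {}
    for name, protected in (("open", False), ("password", True)):
        srv = _serve(protected)
        results[name] = requires_auth(f"http://127.0.0.1:{srv.server_port}/")
        srv.shutdown()
        srv.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

A `False` result for a server reachable by anybody else means the files on it can be listed and deleted without any credentials, regardless of the repository password.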