Weblog seems to provide unauthenticated access to backuplogs


#1

Hi,

I just executed some test backups.

I wanted to test the web logs. I could see the logs without authenticating on the website. These logs provide a list of all our databases and paths of the DB files. They also contains usernames and IP addresses. I should think this kind of information should not be accessible by any one else then me.

Is this expected behaviour?


#2

Hi Wim_Allegaert,

For SQLBackupAndFTP 14 days Professional Trial edition we show Web Log without any authorization requirements. We do it because installation doesn’t relate to an account. If an installation is related to an account (the license is purchased) then for the Web Log the authorization with the appropriate credentials is required.

For the WebLog viewing a GUID (Globally Unique Identifier) is included in the URL, which is almost impossible to find.

Please let us know if you have any further questions.