Add feature that disallows reverting append-only mode
This PR adds a feature that disables reverting back from append-only mode to normal mode. It is off by default.
This can be used for additional security. For example, if the repo is append-only, an attacker with access to an API key with update permission (or the web UI if DISABLE_DELETE_REPO is set) and backup source should not be able to delete the repo.
However, by removing the append-only mode, uploading an empty backup, deleting all previous backups and compacting the repo, the attacker deletes all data and leaves an empty repository. This feature would prevent this (most likely rather remote) case.
Very interesting feature. However, I think we should perhaps add a warning icon on the editing UI side to warn you that if you activate the mode, it cannot be deactivated. What do you think?
That is a good idea. I think I had problems reading the env variable in the RepoManage container the last time I tried adding an indicator of whether the server supports deleting repositories. Did I simply use incorrect code, or is it not possible to get a proper process.env in this instance?
You can't read env from the front end, only from the backend, for security reasons, so you need to read it via the API 👍
I assume there is no API call for that yet? At least in the API documentation I didn't see anything. If not, I might add some parameters to the /version call output.
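
The two points discussed in this thread, enforcing the no-revert rule on the backend and exposing it to the UI through an API response, sketched as an added example that is not code from this PR or the project. The function names, the repo record shape and the variable name `DISABLE_APPEND_ONLY_REVERT` are assumptions; only `DISABLE_DELETE_REPO` appears in the thread.

```javascript
// Added example: all names below are hypothetical, not the project's own.
// DISABLE_APPEND_ONLY_REVERT is an assumed name for the new option.

// Env values are strings; only an explicit "true" enables a flag (off by default).
function flag(env, name) {
  return String(env[name] || '').trim().toLowerCase() === 'true';
}

// Backend-side check for a repo update. Returns the new record or throws.
// The check lives here because an attacker holding an API key never goes
// through the UI, so a front-end warning alone protects nothing.
function applyRepoUpdate(current, patch, env) {
  const next = { ...current };
  if (Object.prototype.hasOwnProperty.call(patch, 'appendOnly')) {
    if (typeof patch.appendOnly !== 'boolean') {
      throw new Error('appendOnly must be a boolean');
    }
    const reverting = current.appendOnly === true && patch.appendOnly === false;
    if (reverting && flag(env, 'DISABLE_APPEND_ONLY_REVERT')) {
      const err = new Error('append-only mode cannot be disabled on this server');
      err.status = 403;
      throw err;
    }
    next.appendOnly = patch.appendOnly;
  }
  // Copy only known fields so a patch cannot smuggle in other properties.
  if (typeof patch.alias === 'string') next.alias = patch.alias;
  return next;
}

// What a /version-style response could expose so the UI can show its warning:
// derived booleans only, never the raw environment.
function serverCapabilities(env) {
  return {
    canDeleteRepo: !flag(env, 'DISABLE_DELETE_REPO'),
    canRevertAppendOnly: !flag(env, 'DISABLE_APPEND_ONLY_REVERT'),
  };
}
```
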