Conversation:
Notices
-
Thought: You could have the migration generate a key used to encrypt the backup, which is then transmitted only to the target server and then stored, and then email the user the migration data when the backup task is complete. They would then upload that zip file to the target server and the key would be needed to decrypt the archive and thus import the account.
-
What do you think of this implementation idea for your suggestion, @bob?
-
@bob Well, I figure if the archive is encrypted and the end-user doesn't have the key, then that mitigates most attacks regarding injection of bad data sufficiently.
-
@bob It is my understanding that this is the reason the functionality of restoring remote backups was curtailed in StatusNet originally, from the comments, but I may be wrong.
-
@bob Definitely. We could write an internal header with a checksum, expected length, and a few other things that represent easy checks.
-
@bob Yes, we'd definitely want to scrub anything that can't normally be in notices out of there, though you could still run into problems regardless.