Recent content by watou

Installed and confirmed not seeing the crash. Thank you.

Server just upgraded to 1.4.0 of DigitalOcean DNS extension, can't use it as it throws PHP exception: Server Error 500 Digitaloceandns\League\OAuth2\Client\Grant\Exception\InvalidGrantException Grant "League\OAuth2\Client\Grant\RefreshToken" must extend AbstractGrant

Thank you for confirming that you've completely misunderstood all that I've said, and that I am not in fact losing my mind. All the best!

Perhaps you're misunderstanding me? I cannot see inside the Plesk source code for the settings/params it uses to talk to the external services, so no amount of reading up on the cloud storage provider's documentation is going to answer those questions. And when you share information here in...

I generally agree with what you're saying, @Kaspar, but in the case where a Plesk software component has chosen a setting or parameter that is not exposed in either the UI or the documentation, that can leave customers assuming incorrectly about an important aspect of their data security...

To reiterate the other part of my request, will Plesk consider documenting the way in which it pushes backup data to external services, so customers are not left wondering? There are choices embedded in your software components as to how this is done, which are not obvious and not reflected in...

When Plesk pushes backup data off the server to somewhere else, each specific software component doing the pushing ought to describe in detail in its documentation what it's doing, and the general consequences of doing so. For example, the Plesk-authored DigitalOcean Spaces extension, for...

Thank you for your explanation, @Kaspar, and for providing an example of the viability of the suggestion given in the documentation. Might I suggest improved wording in the documentation to include the new information you have provided for the benefit of future customers and prospects?

I believe my concerns are valid for those organisations that cannot tolerate the existence of unencrypted, off-site backups of customer data, but I see it is arguable for other organisations that already use cloud servers containing unencrypted customer data where another unencrypted copy in an...

And there's always the chance I have this wrong, which would be funny!

Hi Peter, thanks again for your replies. I come to the previous conclusion because Plesk offers, for example, a solution to automatically upload a scheduled backup to DigitalOcean Spaces and yet there is no ability to fully encrypt the backup, meaning that any person with the full path to the...

It's extremely disappointing that Plesk appears to include an inherently insecure cloud backup function as a core component of its product offering, and then appears to disavow responsibility for it when questioned. (That's the only reasonable conclusion one can draw from your reply.) I would...

Thank you for your reply, Peter. Can Plesk name a supported S3-compatible storage provider that can live up to the advice "enable backup encryption" so that backup tar files are not freely accessible if known by name, over HTTPS? Does any S3-compatible storage provider have a feature called...

In this page of the documentation, we are given the warning Note: The Plesk internal key encrypts only certain data in a backup but not the whole backup. If you store backups in remote cloud storage, you can enable backup encryption on the cloud storage side. But there is no real-world example...