Re: NFS client and untrusted server
- Date: Sat, 25 Nov 2017 07:01:06 +0100
- From: Chris <chris2014@xxxxxxxxxxx>
- Subject: Re: NFS client and untrusted server
On Fri, 24 Nov 2017 21:44:56 -0500
Roberto C. Sánchez wrote:
> NFS is a very old protocol that very likely has as yet undiscovered
> vulnerabilities. I would expect that the likelihood of there being
> even a theoretical vulnerability that would allow a malicous user on
> the server to gain access to a client would be very low.
Ok. I wasn't sure because it seems rather complex with all this RPC
> However, I think you are going about this all wrong. A backup script
> or program would have to touch/examine every file to determine its
> age, MD5 sum, or whatever other feature drives the backup/no-backup
> decision. NFS is actually a terrible protocol for this sort of thing.
Ok,  for example says it's factor two compared to iSCSI.
> That is likely to be more secure and I can practically guarantee it
> will have better performance.
That's probably better. I was thinking about NFS because I don't have
enough disks on the backup server. Those files should go to tape.
Thank you for your quick reply!