diff --git a/datamodels/2.x/itop-backup/main.itop-backup.php b/datamodels/2.x/itop-backup/main.itop-backup.php
index 44029672c..ed0a93b83 100644
--- a/datamodels/2.x/itop-backup/main.itop-backup.php
+++ b/datamodels/2.x/itop-backup/main.itop-backup.php
@@ -47,31 +47,14 @@ class DBBackupScheduled extends DBBackup
 {
 	protected function LogInfo($sMsg)
 	{
-		static $bDebug = null;
-		if ($bDebug == null)
-		{
-			$bDebug = MetaModel::GetConfig()->GetModuleSetting('itop-backup', 'debug', false);
-		}
-
-		if ($bDebug)
-		{
-			echo $sMsg."\n";
-		}
+		echo $sMsg."\n";
+		IssueLog::Info($sMsg);
 	}
 
 	protected function LogError($sMsg)
 	{
-		static $bDebug = null;
-		if ($bDebug == null)
-		{
-			$bDebug = MetaModel::GetConfig()->GetModuleSetting('itop-backup', 'debug', false);
-		}
-
 		IssueLog::Error($sMsg);
-		if ($bDebug)
-		{
-			echo 'Error: '.$sMsg."\n";
-		}
+		echo 'Error: '.$sMsg."\n";
 	}
 
 	/**
diff --git a/datamodels/2.x/itop-backup/module.itop-backup.php b/datamodels/2.x/itop-backup/module.itop-backup.php
index 9a43a3b16..e0db89476 100644
--- a/datamodels/2.x/itop-backup/module.itop-backup.php
+++ b/datamodels/2.x/itop-backup/module.itop-backup.php
@@ -52,7 +52,7 @@ SetupWebPage::AddModule(
 			//'file_name_format' => '__DB__-%Y-%m-%d_%H_%M',
 			'retention_count' => 5, 
 			'enabled' => true,
-			'debug' => false,
+			'itop_root' => '',
 			'itop_backup_incident' => '',
 		),
 	)
diff --git a/setup/ajax.dataloader.php b/setup/ajax.dataloader.php
index 6dfbbd8a5..127873410 100644
--- a/setup/ajax.dataloader.php
+++ b/setup/ajax.dataloader.php
@@ -147,9 +147,11 @@ header("Expires: Fri, 17 Jul 1970 05:00:00 GMT");    // Date in the past
 $sOperation = Utils::ReadParam('operation', '');
 try
 {
-	if (is_file(utils::GetConfigFilePath()) && !is_writable(utils::GetConfigFilePath()))
+	$sAuthent = utils::ReadParam('authent', '', false, 'raw_data');
+	if (!file_exists(APPROOT.'data/setup/authent') || $sAuthent !== file_get_contents(APPROOT.'data/setup/authent'))
 	{
-		throw new Exception('Setup operations are not allowed outside of the setup');
+		throw new SecurityException('Setup operations are not allowed outside of the setup');
+		SetupPage::log_error("Setup operations are not allowed outside of the setup");
 	}
 
 	switch($sOperation)
diff --git a/setup/backup.class.inc.php b/setup/backup.class.inc.php
index ac71952c0..91effc125 100644
--- a/setup/backup.class.inc.php
+++ b/setup/backup.class.inc.php
@@ -313,8 +313,11 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 			$sTmpFolder = APPROOT.'data/tmp-backup-'.rand(10000, getrandmax());
 			$aFiles = $this->PrepareFilesToBackup($sSourceConfigFile, $sTmpFolder);
 
+			$sFilesList = var_export($aFiles, true);
+			$this->LogInfo("backup: adding to archive files '$sFilesList'");
 			$oArchive->createModify($aFiles, '', $sTmpFolder);
 
+			$this->LogInfo("backup: removing tmp folder '$sTmpFolder'");
 			SetupUtils::rrmdir($sTmpFolder);
 		}
 
@@ -334,6 +337,7 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 			{
 				SetupUtils::rrmdir($sTmpFolder);
 			}
+			$this->LogInfo("backup: creating tmp dir '$sTmpFolder'");
 			@mkdir($sTmpFolder, 0777, true);
 			if (is_null($sSourceConfigFile))
 			{
@@ -342,6 +346,7 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 			if (!empty($sSourceConfigFile))
 			{
 				$sFile = $sTmpFolder.'/config-itop.php';
+				$this->LogInfo("backup: adding resource '$sSourceConfigFile'");
 				copy($sSourceConfigFile, $sFile);
 				$aRet[] = $sFile;
 			}
@@ -350,6 +355,7 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 			if (file_exists($sDeltaFile))
 			{
 				$sFile = $sTmpFolder.'/delta.xml';
+				$this->LogInfo("backup: adding resource '$sDeltaFile'");
 				copy($sDeltaFile, $sFile);
 				$aRet[] = $sFile;
 			}
@@ -358,6 +364,7 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 			{
 				$sModules = utils::GetCurrentEnvironment().'-modules';
 				$sFile = $sTmpFolder.'/'.$sModules;
+				$this->LogInfo("backup: adding resource '$sExtraDir'");
 				SetupUtils::copydir($sExtraDir, $sFile);
 				$aRet[] = $sFile;
 			}
@@ -434,7 +441,7 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 			$sCommandDisplay = "$sMySQLDump --opt --skip-lock-tables --default-character-set=".$sMysqldumpCharset." --add-drop-database --single-transaction --host=$sHost $sPortOption --user=xxxxx --password=xxxxx $sTlsOptions --result-file=$sTmpFileName $sDBName $sTables";
 
 			// Now run the command for real
-			$this->LogInfo("Executing command: $sCommandDisplay");
+			$this->LogInfo("backup: generate data file with command: $sCommandDisplay");
 			$aOutput = array();
 			$iRetCode = 0;
 			exec($sCommand, $aOutput, $iRetCode);
diff --git a/setup/setup.js b/setup/setup.js
index 2474d0fa3..88a7cba8f 100644
--- a/setup/setup.js
+++ b/setup/setup.js
@@ -2,8 +2,9 @@ function WizardAsyncAction(sActionCode, oParams, OnErrorFunction)
 {
 	var sStepClass = $('#_class').val();
 	var sStepState = $('#_state').val();
+	var sAuthent = $('#authent_token').val();
 	
-	var oMap = { operation: 'async_action', step_class: sStepClass, step_state: sStepState, code: sActionCode, params: oParams };
+	var oMap = { operation: 'async_action', step_class: sStepClass, step_state: sStepState, code: sActionCode, authent : sAuthent, params: oParams };
 	
 	var ErrorFn = OnErrorFunction;
 	$(document).ajaxError(function(event, request, settings) {
diff --git a/setup/tar.php b/setup/tar.php
index 7d39682a1..dee7088a8 100644
--- a/setup/tar.php
+++ b/setup/tar.php
@@ -1214,7 +1214,7 @@ class ArchiveTar
 				$iBufferLen = strlen("$v_buffer");
 				if ($iBufferLen != $iLen)
 				{
-					$iPack = ((int)($iBufferLen / 512) + 1) * 512;
+					$iPack = (ceil($iBufferLen / 512)) * 512;
 					$sPack = sprintf('a%d', $iPack);
 				}
 				else
diff --git a/setup/wizardsteps.class.inc.php b/setup/wizardsteps.class.inc.php
index 91631d78f..1e3798c9c 100644
--- a/setup/wizardsteps.class.inc.php
+++ b/setup/wizardsteps.class.inc.php
@@ -57,6 +57,13 @@ class WizStepWelcome extends WizardStep
 	
 	public function ProcessParams($bMoveForward = true)
 	{
+		if (!file_exists(APPROOT.'data/setup'))
+		{
+			mkdir(APPROOT.'data/setup');
+		}
+		$sUID = hash('sha256', rand());
+		file_put_contents(APPROOT.'data/setup/authent', $sUID);
+		$this->oWizard->SetParameter('authent', $sUID);
 		return array('class' => 'WizStepInstallOrUpgrade', 'state' => '');
 	}
 	
@@ -284,6 +291,8 @@ class WizStepInstallOrUpgrade extends WizardStep
 		$oPage->add('<tr><td colspan="2">');
 		$oPage->add($sMySQLDumpMessage.'<br/><span id="backup_info" style="font-size:small;color:#696969;">'.$sMessage.'</span></td></tr>');
 		$oPage->add('</table>');
+		$sAuthentToken = $this->oWizard->GetParameter('authent', '');
+		$oPage->add('<input type="hidden" id="authent_token" value="'.$sAuthentToken.'"/>');
 		//$oPage->add('</fieldset>');
 		$oPage->add_ready_script(
 <<<EOF
@@ -802,6 +811,8 @@ class WizStepDBParams extends WizardStep
 		$oPage->add('<table>');
 		SetupUtils::DisplayDBParameters($oPage, true, $sDBServer, $sDBUser, $sDBPwd, $sDBName, $sDBPrefix, $sTlsEnabled,
 			$sTlsCA, $sNewDBName);
+		$sAuthentToken = $this->oWizard->GetParameter('authent', '');
+		$oPage->add('<input type="hidden" id="authent_token" value="'.$sAuthentToken.'"/>');
 		$oPage->add('</table>');
 		$sCreateDB = $this->oWizard->GetParameter('create_db', 'yes');
 		if ($sCreateDB == 'no')
@@ -996,6 +1007,8 @@ class WizStepMiscParams extends WizardStep
         $sChecked = ($sSampleData == 'no') ? 'checked ' : '';
         $oPage->p('<input id="sample_data_no" name="sample_data" type="radio" value="no" '.$sChecked.'><label for="sample_data_no">&nbsp;I am installing a <b>production</b> instance, create an empty database to start from.');
 		$oPage->add('</fieldset>');
+		$sAuthentToken = $this->oWizard->GetParameter('authent', '');
+		$oPage->add('<input type="hidden" id="authent_token" value="'.$sAuthentToken.'"/>');
 		$oPage->add_ready_script(
 <<<EOF
 		$('#application_url').bind('change keyup', function() { WizardUpdateButtons(); } );
@@ -2239,7 +2252,10 @@ EOF
 		
 		$sJSONData = json_encode($aInstallParams);
 		$oPage->add('<input type="hidden" id="installer_parameters" value="'.htmlentities($sJSONData, ENT_QUOTES, 'UTF-8').'"/>');
-
+		
+		$sAuthentToken = $this->oWizard->GetParameter('authent', '');
+		$oPage->add('<input type="hidden" id="authent_token" value="'.$sAuthentToken.'"/>');
+		
 		if (!$this->CheckDependencies())
 		{
 			$oPage->error($this->sDependencyIssue);
@@ -2494,14 +2510,14 @@ class WizStepDone extends WizardStep
 			$oPage->ok("The installation completed successfully.");
 		}
 
-		if (($this->oWizard->GetParameter('mode', '') == 'upgrade') && $this->oWizard->GetParameter('db_backup', false))
+		if (($this->oWizard->GetParameter('mode', '') == 'upgrade') && $this->oWizard->GetParameter('db_backup', false) && $this->oWizard->GetParameter('authent', false))
 		{
 			$sBackupDestination = $this->oWizard->GetParameter('db_backup_path', '');
 			if (file_exists($sBackupDestination.'.tar.gz'))
 			{
 				// To mitigate security risks: pass only the filename without the extension, the download will add the extension itself
 				$oPage->p('Your backup is ready');
-				$oPage->p('<a style="background:transparent;" href="'.utils::GetAbsoluteUrlAppRoot().'setup/ajax.dataloader.php?operation=async_action&step_class=WizStepDone&params[backup]='.urlencode($sBackupDestination).'" target="_blank"><img src="../images/tar.png" style="border:0;vertical-align:middle;">&nbsp;Download '.basename($sBackupDestination).'</a>');
+				$oPage->p('<a style="background:transparent;" href="'.utils::GetAbsoluteUrlAppRoot().'setup/ajax.dataloader.php?operation=async_action&step_class=WizStepDone&params[backup]='.urlencode($sBackupDestination).'&authent='.$this->oWizard->GetParameter('authent','').'" target="_blank"><img src="../images/tar.png" style="border:0;vertical-align:middle;">&nbsp;Download '.basename($sBackupDestination).'</a>');
 			}
 			else
 			{