
That the initial SECRET_KEY was basically generated by `str(random.randint(0,100000))` did make this all much worse…
This means that if somebody knows the SECRET_KEY they could create valid password reset tokens. However, Seafile has removed the hashed password out of their version of "tokens.py". And even if an attacker knows the SECRET_KEY they would not be able to generate a valid token as the old password hash is required. Number of days since converted to base 36. Basically, except the configured SECRET_KEY and the hashed version of the password, everything is known to an attacker. Timestamp of the last login (1 second accuracy), basically a valid password reset token in default Django requires an attacker to know: The constant time comparison is pretty irrelevant here. That was actually the part where they partially mitigated the vulnerability with. If it does contact photo sync (annoyingly not currently supported by FastMail CardDAV) I'll give it a try.
This is orders of magnitude less likely and for me is an acceptable risk, especially considering the simpler software stack. And I'm definitely checking out radicale, thanks for the tip. Now I'm comfortable trusting Seafile to do all that because an attacker would need to compromise both my VPS and my local machine to gain access to sensitive data. EncFS was a workaround, but it cluttered up Nautilus with extra drives since every encrypted directory had to be mounted as a drive. We are discussing degrees of trust here, so while I was happy to trust ownCloud and the VPS to be there for a request, and to not corrupt my data, I didn't trust that my sensitive data was safe if the server was compromised. Seafile has a much smaller attack surface (no PHP, MySQL not required, etc.) and handles the client-side encryption itself. > But you didn't trust the software with your files? In what way is the SeaFile solution you are running now more trustworthy? I still prefer to use a remote VPS because some things are best left to the pros. I'm lucky to have a gigabit FTTH connection and moving lots of data around is no problem. Yes, I prefer to self-host anything I can. I feel it's a huge shame Google and Facebook stopped federating their XMPP services. The federation, the gazillion clients and the maturity of the software is just so so nice that I am sad that it isn't more popular. RocketChat I don't know and I should look into but I do feel that XMPP should be the chat replacement for all. The web interface desperately needs a good UI overall but it works and it doesn't get in the way.

A Java product which just runs and it runs well.

It could be my incompetence with that product but I prefer subsonic. OwnCloud is really pulling through on the whole "google replacement", work has been started on a mail client which looks very nice and works decently (for now). Ampache is cool but I found the installation to be too fiddly and easy to break. Radicale is a wonderful little Python Cal/CardDAV server but it hasn't got a web interface which is a feature I do miss when I don't have it.
It is the easiest to install and best accessible web interface Cal/CardDAV software out there. OwnCloud is wonderful for file syncing but where it really shines is the contact and calendar sync. It feels too much like a "look at my setup" post, which are nice to read but it could be much better. I would like to read the reasoning behind the individual choices OR the reasoning behind the overall choice of moving away from big corp products. OwnCloud is nice, but why should I pick on OwnCloud and not SeaFile? It falls short to compare the different possible services and the possibilities you can have with them. Although this is a nice write up about a possible setup for self hosted alternatives for popular cloud services, I don't like it.
