[Owncloud] Question about security
Robin
icewind1991 at gmail.com
Tue Aug 10 23:33:46 UTC 2010
On Wednesday, August 11, 2010 01:01:17 Jakob Sack wrote:
> Hi,
>
> there are two options that come to my mind.
> a) using a data folder location outside the webroot (possible if you have
> root access to the webserver)
> b) creating a .htaccess with the appropriate rights (order allow deny, deny
> from all)
>
> The second option is the one all can use, including the users of a shared
> webhosting service. Maybe the creation of this file can be done by
> owncloud. Regards,
>
> Jakob
>
> Am Mittwoch, 11. August 2010, 00:02:15 schrieb Pauleman (DerPaul):
> > Hello all,
> >
> > just for fun I tested to download a file directly from the data location
> > of owncloud. I was surprised that there was no protection of the data
> > directory and also of the backup directory. Is there any idea to prevent
> > the direct access?
> >
> > Regards
> >
> > Pauleman
The problem with .htaccess is that not all http server support it, we try to
support more then apache.
We need to find a sane sollution that works across various web servers
- Robin Appelman
More information about the Owncloud
mailing list