[Owncloud] Question about security

Robin icewind1991 at gmail.com
Tue Aug 10 23:33:46 UTC 2010


On Wednesday, August 11, 2010 01:01:17 Jakob Sack wrote:
> Hi,
> 
> there are two options that come to my mind.
> a) using a data folder location outside the webroot (possible if you have
> root access to the webserver)
> b) creating a .htaccess with the appropriate rights (order allow deny, deny
> from all)
> 
> The second option is the one all can use, including the users of a shared
> webhosting service. Maybe the creation of this file can be done by
> owncloud. Regards,
> 
> Jakob
> 
> Am Mittwoch, 11. August 2010, 00:02:15 schrieb Pauleman (DerPaul):
> > Hello all,
> > 
> > just for fun I tested to download a file directly from the data location
> > of owncloud. I was surprised that there was no protection of the data
> > directory and also of the backup directory. Is there any idea to prevent
> > the direct access?
> > 
> > Regards
> > 
> > Pauleman
The problem with .htaccess is that not all http server support it, we try to 
support more then apache.

We need to find a sane sollution that works across various web servers

 - Robin Appelman



More information about the Owncloud mailing list