[Owncloud] Bug report

Simon Brereton simon.buongiorno at gmail.com
Sun Nov 25 22:13:35 UTC 2012


Yes - for this one site.  Which I'd trust.  But short of using owncloud in
a separate browser I'm forced to accept ask session cookies just to
accommodate the few I can trust.

Ditto the Javascript.

Simon

On Nov 25, 2012 4:46 PM, "Frank Karlitschek" <frank at owncloud.org> wrote:
>
>
> On 25.11.2012, at 22:24, Simon Brereton <simon.buongiorno at gmail.com>
wrote:
>
> > Do you have a link for that assertion?
> >
> >
http://arstechnica.com/security/2012/10/firefox-16-vulnerability-attack-code-available-online/
> >
> > It would seem to me that Javascript is still an issue.
>
> That was a Firefox bug that is already fixed.
>
>
> >  Cookies may not present a security issue, but a privacy one, and
unless you're prepared to undergo a lot of effort allowing them on a
per-site basis is a lot of work most people baulk at.
>
> ownCloud is using only session cookies that are automatically removed
when you close your browser and they are only send to ownCloud server. No
privacy problem here.
>
> Frank
>
>
> > The more software on the internet works without cookies and without
Javascript the safer the world is in general.
> >
> > Simon
> >
> > On Nov 25, 2012 12:11 PM, "Frank Karlitschek" <frank at owncloud.org>
wrote:
> > >
> > > Hi Mikko,
> > >
> > > thanks for thew bug report.
> > > Unfortunately we don´t plan to support browsers without support for
cookies and javascript at the moment.
> > > This would restrict our possibilities in the web interface
significantly and would lead to a second completely different interface.
> > >
> > > (Session)-Cookies and javascript aren´t considered harmful or
insecure nowadays. Most security people even think that having the session
ID in the url is less secure than in a session cookie.
> > >
> > > Why do you think this is a problem?
> > >
> > > The problem with ogg files is a known limitation at the moment. I
hope someone improves this in the future.
> > >
> > >
> > > Frank
> > >
> > >
> > >
> > > On 25.11.2012, at 17:23, Mikko V. Viinamäki <
Mikko.Viinamaki at students.turkuamk.fi> wrote:
> > >
> > > > Hi!
> > > >
> > > > Since I don't have a github account... I noticed the web interface
fails silently in case you don't allow cookies and same if you don't allow
JavaScript. Also, this .ogg file was not added onto the music tab in the
interface http://commons.wikimedia.org/wiki/File:BedBugs%26SaltyDog.ogg I
wonder why?
> > > >
> > > > Besides that, owncloud's looking pretty slick!
> > > >
> > > > Mikko
> > > > _______________________________________________
> > > > Owncloud mailing list
> > > > Owncloud at kde.org
> > > > https://mail.kde.org/mailman/listinfo/owncloud
> > >
> > > _______________________________________________
> > > Owncloud mailing list
> > > Owncloud at kde.org
> > > https://mail.kde.org/mailman/listinfo/owncloud
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20121125/39b4fa88/attachment.html>


More information about the Owncloud mailing list