[Owncloud] Bug report

Michael mike at draftx.net
Sun Nov 25 22:22:16 UTC 2012


While I agree that Javascript and cookies should be required, it should not
silently fail if a person doesn't have either of them enabled. Some kind of
error is always appreciated here.
Mike

On Sun, Nov 25, 2012 at 4:13 PM, Simon Brereton
<simon.buongiorno at gmail.com>wrote:

> Yes - for this one site.  Which I'd trust.  But short of using owncloud in
> a separate browser I'm forced to accept ask session cookies just to
> accommodate the few I can trust.
>
> Ditto the Javascript.
>
> Simon
>
> On Nov 25, 2012 4:46 PM, "Frank Karlitschek" <frank at owncloud.org> wrote:
> >
> >
> > On 25.11.2012, at 22:24, Simon Brereton <simon.buongiorno at gmail.com>
> wrote:
> >
> > > Do you have a link for that assertion?
> > >
> > >
> http://arstechnica.com/security/2012/10/firefox-16-vulnerability-attack-code-available-online/
> > >
> > > It would seem to me that Javascript is still an issue.
> >
> > That was a Firefox bug that is already fixed.
> >
> >
> > >  Cookies may not present a security issue, but a privacy one, and
> unless you're prepared to undergo a lot of effort allowing them on a
> per-site basis is a lot of work most people baulk at.
> >
> > ownCloud is using only session cookies that are automatically removed
> when you close your browser and they are only send to ownCloud server. No
> privacy problem here.
> >
> > Frank
> >
> >
> > > The more software on the internet works without cookies and without
> Javascript the safer the world is in general.
> > >
> > > Simon
> > >
> > > On Nov 25, 2012 12:11 PM, "Frank Karlitschek" <frank at owncloud.org>
> wrote:
> > > >
> > > > Hi Mikko,
> > > >
> > > > thanks for thew bug report.
> > > > Unfortunately we don´t plan to support browsers without support for
> cookies and javascript at the moment.
> > > > This would restrict our possibilities in the web interface
> significantly and would lead to a second completely different interface.
> > > >
> > > > (Session)-Cookies and javascript aren´t considered harmful or
> insecure nowadays. Most security people even think that having the session
> ID in the url is less secure than in a session cookie.
> > > >
> > > > Why do you think this is a problem?
> > > >
> > > > The problem with ogg files is a known limitation at the moment. I
> hope someone improves this in the future.
> > > >
> > > >
> > > > Frank
> > > >
> > > >
> > > >
> > > > On 25.11.2012, at 17:23, Mikko V. Viinamäki <
> Mikko.Viinamaki at students.turkuamk.fi> wrote:
> > > >
> > > > > Hi!
> > > > >
> > > > > Since I don't have a github account... I noticed the web interface
> fails silently in case you don't allow cookies and same if you don't allow
> JavaScript. Also, this .ogg file was not added onto the music tab in the
> interface http://commons.wikimedia.org/wiki/File:BedBugs%26SaltyDog.ogg I
> wonder why?
> > > > >
> > > > > Besides that, owncloud's looking pretty slick!
> > > > >
> > > > > Mikko
> > > > > _______________________________________________
> > > > > Owncloud mailing list
> > > > > Owncloud at kde.org
> > > > > https://mail.kde.org/mailman/listinfo/owncloud
> > > >
> > > > _______________________________________________
> > > > Owncloud mailing list
> > > > Owncloud at kde.org
> > > > https://mail.kde.org/mailman/listinfo/owncloud
> >
>
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20121125/be0a4a4e/attachment.html>


More information about the Owncloud mailing list