[Owncloud] Bug report

Marcel Waldvogel Marcel.Waldvogel at uni-konstanz.de
Mon Nov 26 04:52:59 UTC 2012


So a an appropriate warning in a <noscript> region on the login page would be simple and efficient.

Beste Grüsse,
-Marcel Waldvogel

Am 25.11.2012 um 23:22 schrieb Michael <mike at draftx.net>:

> While I agree that Javascript and cookies should be required, it should not silently fail if a person doesn't have either of them enabled. Some kind of error is always appreciated here.
> Mike
> 
> On Sun, Nov 25, 2012 at 4:13 PM, Simon Brereton <simon.buongiorno at gmail.com> wrote:
> Yes - for this one site.  Which I'd trust.  But short of using owncloud in a separate browser I'm forced to accept ask session cookies just to accommodate the few I can trust.
> 
> Ditto the Javascript.
> 
> Simon
> 
> On Nov 25, 2012 4:46 PM, "Frank Karlitschek" <frank at owncloud.org> wrote:
> >
> >
> > On 25.11.2012, at 22:24, Simon Brereton <simon.buongiorno at gmail.com> wrote:
> >
> > > Do you have a link for that assertion?
> > >
> > > http://arstechnica.com/security/2012/10/firefox-16-vulnerability-attack-code-available-online/
> > >
> > > It would seem to me that Javascript is still an issue.
> >
> > That was a Firefox bug that is already fixed.
> >
> >
> > >  Cookies may not present a security issue, but a privacy one, and unless you're prepared to undergo a lot of effort allowing them on a per-site basis is a lot of work most people baulk at.
> >
> > ownCloud is using only session cookies that are automatically removed when you close your browser and they are only send to ownCloud server. No privacy problem here.
> >
> > Frank
> >
> >
> > > The more software on the internet works without cookies and without Javascript the safer the world is in general.
> > >
> > > Simon
> > >
> > > On Nov 25, 2012 12:11 PM, "Frank Karlitschek" <frank at owncloud.org> wrote:
> > > >
> > > > Hi Mikko,
> > > >
> > > > thanks for thew bug report.
> > > > Unfortunately we don´t plan to support browsers without support for cookies and javascript at the moment.
> > > > This would restrict our possibilities in the web interface significantly and would lead to a second completely different interface.
> > > >
> > > > (Session)-Cookies and javascript aren´t considered harmful or insecure nowadays. Most security people even think that having the session ID in the url is less secure than in a session cookie.
> > > >
> > > > Why do you think this is a problem?
> > > >
> > > > The problem with ogg files is a known limitation at the moment. I hope someone improves this in the future.
> > > >
> > > >
> > > > Frank
> > > >
> > > >
> > > >
> > > > On 25.11.2012, at 17:23, Mikko V. Viinamäki <Mikko.Viinamaki at students.turkuamk.fi> wrote:
> > > >
> > > > > Hi!
> > > > >
> > > > > Since I don't have a github account... I noticed the web interface fails silently in case you don't allow cookies and same if you don't allow JavaScript. Also, this .ogg file was not added onto the music tab in the interface http://commons.wikimedia.org/wiki/File:BedBugs%26SaltyDog.ogg I wonder why?
> > > > >
> > > > > Besides that, owncloud's looking pretty slick!
> > > > >
> > > > > Mikko
> > > > > _______________________________________________
> > > > > Owncloud mailing list
> > > > > Owncloud at kde.org
> > > > > https://mail.kde.org/mailman/listinfo/owncloud
> > > >
> > > > _______________________________________________
> > > > Owncloud mailing list
> > > > Owncloud at kde.org
> > > > https://mail.kde.org/mailman/listinfo/owncloud
> >
> 
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
> 
> 
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20121126/c37405c5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4485 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20121126/c37405c5/attachment.bin>


More information about the Owncloud mailing list