Try the fastest and simplest way to install ONLYOFFICE

Authentication and Security

Authentication and Security

Postby rev138 » Fri Mar 17, 2017 2:42 am

Hi,

I recently started testing the Nextcloud app. It works well, but I would appreciate clarification on something:

I am running Document Server via the official docker image, which works without configuration, and the only thing Nextcloud knows about it is the URL. What stops anyone who discovers the url of my Document Server from using it? Is there a way to ensure that only my nextcloud users can access it?

Thanks!
Last edited by rev138 on Fri Mar 17, 2017 5:54 pm, edited 1 time in total.
rev138
 
Posts: 2
Joined: Fri Mar 17, 2017 2:34 am

Re: Authentication and Security

Postby Maxim » Fri Mar 17, 2017 8:01 am

Hello rev138!
ONLYOFFICE Document Server uses tokens generated using the JSON Web Tokens standard.
Maxim
 
Posts: 495
Joined: Tue Oct 11, 2016 2:34 pm

Re: Authentication and Security

Postby rev138 » Fri Mar 17, 2017 5:53 pm

What stops anyone else from configuring their nextcloud instance to point to my OO server and use it?
rev138
 
Posts: 2
Joined: Fri Mar 17, 2017 2:34 am

Re: Authentication and Security

Postby Maxim » Tue Mar 21, 2017 1:29 pm

JWT - if anyone else do not know your secret key it's not possible to use OO server. All incomming and outcoming requests will be secured by JWT.
Maxim
 
Posts: 495
Joined: Tue Oct 11, 2016 2:34 pm


Return to Miscellaneous

Who is online

Users browsing this forum: Exabot [Bot] and 1 guest