Page 1 of 1

Authentication and Security

PostPosted: Fri Mar 17, 2017 2:42 am
by rev138
Hi,

I recently started testing the Nextcloud app. It works well, but I would appreciate clarification on something:

I am running Document Server via the official docker image, which works without configuration, and the only thing Nextcloud knows about it is the URL. What stops anyone who discovers the url of my Document Server from using it? Is there a way to ensure that only my nextcloud users can access it?

Thanks!

Re: Authentication and Security

PostPosted: Fri Mar 17, 2017 8:01 am
by Maxim
Hello rev138!
ONLYOFFICE Document Server uses tokens generated using the JSON Web Tokens standard.

Re: Authentication and Security

PostPosted: Fri Mar 17, 2017 5:53 pm
by rev138
What stops anyone else from configuring their nextcloud instance to point to my OO server and use it?

Re: Authentication and Security

PostPosted: Tue Mar 21, 2017 1:29 pm
by Maxim
JWT - if anyone else do not know your secret key it's not possible to use OO server. All incomming and outcoming requests will be secured by JWT.