Try the fastest and simplest way to install ONLYOFFICE

Access to Document Server storage is not secured

Integration questions/issues

Access to Document Server storage is not secured

Postby konfetov » Thu Oct 26, 2017 3:56 pm

Hello,

I have found that an access to Document Server to get a document from cache is not secured.

How to reproduce using Confluence Plugin for OnlyOffice Document Server.
1. Edit a document in Confluence with OnlyOffice plugin.
A following url is created to fetch a document from the storage
https://onlyoffice.mydomain.com/cache/f ... output.tmp

2. Then if I type the same URL in another browser / computer I can successfully get the document. So a user which is not logged to Confluence is able to load a document.

Please check if this is an error and why JWT is not used here.

Best regards,
Evgeniy
konfetov
 
Posts: 2
Joined: Thu Oct 26, 2017 3:24 pm

Re: Access to Document Server storage is not secured

Postby Maxim » Mon Oct 30, 2017 11:48 am

Hello konfetov!
Confluence Plugin has not been finalized for now.
Maxim
 
Posts: 1236
Joined: Tue Oct 11, 2016 2:34 pm


Return to API

Who is online

Users browsing this forum: Bing [Bot] and 1 guest

cron