Page 1 of 1

Document Server Security

PostPosted: Wed Aug 19, 2015 9:15 pm
by ckinsey
I am using the OnlyOffice Document Server only (not community).

How can I provide security for documents uploaded to that server? I thought I might be able to take advantage of the vkey value in the API config, but it doesn't seem to get passed back to my server. There is nothing to stop someone from download other users' files if they can get the document's key.

Re: Document Server Security

PostPosted: Fri Aug 21, 2015 4:19 pm
by AnaMih
In the current version if someone has the key of another document, he can access to it.
This issue will be fixed soon, we are currently working on the solution.

Re: Document Server Security

PostPosted: Fri Jan 27, 2017 11:56 pm
by ckinsey
Was there ever an update to address this issue?

Re: Document Server Security

PostPosted: Wed Feb 15, 2017 6:58 am
by Maxim
Hello ckinsey!
Was there ever an update to address this issue?

We have implemented into the OnlyOffice (this feature is used in Document Server starting with version 4.2) JSON Web Tokens standard that provides security for documents. Now this Standard protects users against unauthorized access to their documents.