Access to Document Server storage is not secured

Integration questions/issues
Post Reply
konfetov
Posts: 2
Joined: Thu Oct 26, 2017 3:24 pm

Access to Document Server storage is not secured

Post by konfetov » Thu Oct 26, 2017 3:56 pm

Hello,

I have found that an access to Document Server to get a document from cache is not secured.

How to reproduce using Confluence Plugin for OnlyOffice Document Server.
1. Edit a document in Confluence with OnlyOffice plugin.
A following url is created to fetch a document from the storage
https://onlyoffice.mydomain.com/cache/f ... output.tmp

2. Then if I type the same URL in another browser / computer I can successfully get the document. So a user which is not logged to Confluence is able to load a document.

Please check if this is an error and why JWT is not used here.

Best regards,
Evgeniy

Maxim
Posts: 1790
Joined: Tue Oct 11, 2016 2:34 pm

Re: Access to Document Server storage is not secured

Post by Maxim » Mon Oct 30, 2017 11:48 am

Hello konfetov!
Confluence Plugin has not been finalized for now.

Post Reply