Encryption Modul: encrypt Thumbnails on server as well #11790
Comments
|
Please raise separate bug reports for these, they are different things. For the image deletions there is already another report: #10484 |
JimLoose
changed the title
|
thx changed. |
|
cc @schiesbn |
|
Not sure why that folder isn't encrypted? It's being access through View. |
|
ping @schiesbn |
|
Encryption were never encrypted before. I believe most folders are excluded from encryption, except files, files_versions and files_trashbin |
|
@schiesbn How hard is it to enable encryption for previews. |
|
Because it limits itself to files and files_versions, see https://github.com/owncloud/core/blob/master/apps/files_encryption/lib/proxy.php#L52 |
|
Whitelisting is likely to not work because there is no location for the encryption key of the "thumbnails" folder. |
|
cc @karlitschek @DeepDiver1975 What's your opinion on encrypting the previews? |
|
I think it would be fine. |
|
Sounds like something that is possible but would not be very high on the priority list. I suggest that we first fix all the other sev1 and sev2 bug first ;-) |
|
Let's reevaluate this in 8.2 - with 8.1 we will get a different code organization for encryption - which might help to get this implemented easier |
|
So, what's the word on encrypting thumbnails with the new encryption module? This is a pretty big privacy issue. |
This is not part of the threat model and also documented: https://doc.owncloud.org/server/8.1/admin_manual/configuration_files/encryption_configuration.html?highlight=encryption#files-not-encrypted |
|
Just because it's documented doesn't mean that it's OK from my pov. If a users enables encryption, then those files should only be made available "in clear" in the clients. |
|
With ownCloud 8.0 and smaller this wasn't possible because all keys where relative to data/user/files, so we couldn't store encryption keys for files outside of the "files"-directory. With ownCloud 8.1 this will change. Now the keys are relative to data/user, so we can encrypt everything. Until now we decided to decrypt the same set of files and not to change the behavior to compared with ownCloud8. But we could easily encrypt the previews, we would just need to return true for "thumbnails" here: https://github.com/owncloud/core/blob/master/apps/encryption/lib/crypto/encryption.php#L338 |
|
@schiesbn That's really great news. What was the motivation behind the decision not to encrypt thumbnails in 8.1? |
|
@PVince81 agree, thanks |
ghost
modified the milestones:
|
hi guys. I was just questioning myself if thumbnails are encrypted too and googled to this ticket. is ...if you gave that hint and I just didnt read it, blame me |
|
Thumbnails are still not encrypted in the latest stable release (9.1.3) of owncloud. This makes encryption for images obsolete since any server host can still access private images of its users without doing any modification on the code. Is any progress made on this issue? Should be handled with a higher severity IMO. |
Some notes about that is available here:
The use case of the encryption app is not to protect your local files as widely known and explained here:
If you want to protect your data from your server host (no matter if he needs to modify code or not) is only possible with:
I think thats the main reason why this is not handled with a high severity: The encryption app is not there for protecting your files on your local disc. If its high severity for you they probably are also accepting Pull Requests with an implementation of this. |
|
thx for the info @kdslkdsaldsal. that means the privkey is not password protected with my login password ? |
|
@loomy It is protected with your login password. But everyone with access to your server (e.g. an administrator or an malicious user) can modify the ownCloud source code to:
There is no way for ownCloud to protect you from this and there is no way that the Encryption app is protecting local files (e.g. thumbnails as requested here) from users having access to your local server. If you want to have this security you need to use client-side encryption like explained above. |
|
@kdslkdsaldsal since I'm hosting my own owncloud instance on my root server in a datacenter I would not write down any password to the harddisk. But if the hoster itself extracts my HDD he can view all unencrypted files easily - where he would find all the thumbnails of my owncloud instance. This is definitely a security issue. |
|
@AykutCevik If you don't trust your hoster then you need to use client-side encryption. There are always possibilities that some one with physical access to your running server is able to get access to everything on your server. If some one is extracting your HDD you're having more serious issues than your thumbnails. 😄 Edit Disclaimer: I'm just want to point out here that the encryption app (or server side encryption in general) is giving you a false sense of security if you're trying to protect your data located on the same server where your private keys are located. |
|
This issue has been automatically closed. |
The text was updated successfully, but these errors were encountered: