client cert authentication in ownCloud

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

client cert authentication in ownCloud

questor
I'm new with ownCloud and I have already placed my question related to the missing client cert authentication support in the owncloud.org forum. Here I was pointed to the ownCloud developers.

Following:

https://github.com/owncloud/client/issues/69

It looks the developer gave up the plan to implement client cert authentication for the ownClous tools and the mobile apps. That is very bad. :(

The client cert authentication is the only way to protect ownCloud with open standards (X.509/TLS) and an additional ownCloud independent security layer. OTP is nice, but if an attacker identify weaknesses/vulnerabilities in public accessible php scripts of the web application it can be exploited also with OTP or other application based security functions. With client cert authentication it can be protected completely on the webserver side (outside and independent of the php layer!). And with client cert authentication there is no stress to immediately update the software after a PHP based vulnerability was disclosed.

Are there any plans to integrate the client cert authentication in the next future?


Frank
Reply | Threaded
Open this post in threaded view
|

Re: client cert authentication in ownCloud

Chris-3
CONTENTS DELETED
The author has deleted this message.