[owncloud-devel] client cert authentication in ownCloud

questor frankn at hush.com
Wed Apr 13 16:51:18 GMT 2016


I'm new with ownCloud and I have already placed my question related to the
missing client cert authentication support in the owncloud.org forum. Here I
was pointed to the ownCloud developers.

Following:

https://github.com/owncloud/client/issues/69

It looks the developer gave up the plan to implement client cert
authentication for the ownClous tools and the mobile apps. That is very bad.
:(

The client cert authentication is the only way to protect ownCloud with open
standards (X.509/TLS) and an additional ownCloud independent security layer.
OTP is nice, but if an attacker identify weaknesses/vulnerabilities in
public accessible php scripts of the web application it can be exploited
also with OTP or other application based security functions. With client
cert authentication it can be protected completely on the webserver side
(outside and independent of the php layer!). And with client cert
authentication there is no stress to immediately update the software after a
PHP based vulnerability was disclosed.

Are there any plans to integrate the client cert authentication in the next
future?


Frank




--
View this message in context: http://owncloud.10557.n7.nabble.com/client-cert-authentication-in-ownCloud-tp17079.html
Sent from the Developers mailing list archive at Nabble.com.


More information about the Devel mailing list