[owncloud-user] Secure Connection to CIFS External Storage

Kevin Tomlinson Kevin.Tomlinson at ed.ac.uk
Thu Nov 20 11:15:58 GMT 2014


We're looking at mapping through storage from our NAS service to our 
owncloud platform.

The obvious way to do this is via the external storage plugin and the 
SMB / CIFS connector.

Unfortunately this has severe security implications (as far as I can 
tell) in that:

- Owncloud caches and stores the user's password (in our case their AD 
password, which clearly has wide-ranging access across other services) 
symmetrically encrypted in the database.

- It then decrypts it to plaintext to pass through to the smb4php module 
for the backend connection.

This is extremely undesirable to us.

Is there a better way to do this? Either better integration of 
authentication in this area or an alternative connection method that's 
more secure?

We could also use sftp keys, which would solve our issues (our NAS 
platform supports sftp access with key exchange as necessary). But the 
sftp component of owncloud doesn't support sftp keys. The backend code / 
library used seems to have support for sftp key exchange but would need 
to be integrated / recoded in owncloud to support it. Has anyone done 
this, or is anyone looking at implementing this code?



ECDF Systems Team
e: kevin.tomlinson at ed.ac.uk
t: +44 (0)131 650 4996
Information Services, University of Edinburgh, JCMB,
Kings Buildings, Edinburgh. EH9 3JZ. United Kingdom.

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
