[owncloud-user] Secure Connection to CIFS External Storage
Kevin.Tomlinson at ed.ac.uk
Thu Nov 20 11:15:58 GMT 2014
We're looking at mapping through storage from our NAS service to our
The obvious way to do this is via the external storage plugin and the
SMB / CIFS connector.
Unfortunately this has severe security implications (as far as I can
tell) in that :
- Owncloud caches and stores the users password (in our case their AD
password which clearly has wide ranging access across other services)
symmetrically encrypted in the database.
- It then decrypts to plaintext pass through to the smb4php module for
the backend connection.
This is extremely undesirable to us.
Is there a better way to do this? Either better integration of
authentication in this area or an alternative connection method that's
We could also use sftp keys which would solve our issues (our NAS
platform support sftp access with key exchange as necessary). But the
sftp component of owncloud doesn't support sftp keys. The backend code /
library used seems to have support for sftp key exchange but would need
integrated / recoded in owncloud to support. Has anyone done this or
looking at implementing this code?
ECDF Systems Team
e: kevin.tomlinson at ed.ac.uk
t: +44 (0)131 650 4996
Information Services, University of Edinburgh, JCMB,
Kings Buildings, Edinburgh. EH9 3JZ. United Kingdom.
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the User