Nextcloud Server
Go to file
Lukas Reschke 8313a3fcb3 Add mitigation against BREACH
While BREACH requires the following three factors to be effectively exploitable we should add another mitigation:

1. Application must support HTTP compression
2. Response most reflect user-controlled input
3. Response should contain sensitive data

Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed.

To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
2015-08-14 01:31:32 +02:00
.idea
3rdparty@b94f7d38f6 [provisioning api] Test for correct displayname 2015-08-11 13:01:37 +02:00
apps Merge pull request #18178 from owncloud/files-sidebar-actions 2015-08-13 17:17:10 +02:00
build Implement OCP Since Check for classes and interfaces 2015-07-27 10:49:45 +02:00
config Merge pull request #18065 from owncloud/new-trashbin-retention 2015-08-12 13:13:45 +02:00
core Merge pull request #18178 from owncloud/files-sidebar-actions 2015-08-13 17:17:10 +02:00
l10n
lib Add mitigation against BREACH 2015-08-14 01:31:32 +02:00
ocs Reduce duplicate code 2015-08-03 18:06:07 +02:00
ocs-provider
settings also don't count group members when more than 1 ldap configs are active 2015-08-13 14:44:17 +02:00
tests Add mitigation against BREACH 2015-08-14 01:31:32 +02:00
themes Revert "make knowledge base url configurable" 2015-08-11 14:20:25 +02:00
.bowerrc
.gitignore
.gitmodules
.htaccess
.jshintrc
.mailmap
.scrutinizer.yml
.tag
.user.ini
AUTHORS
autotest-external.sh
autotest-hhvm.sh
autotest-js.sh
autotest.cmd
autotest.sh Add possible use of docker instance for MariaDB 2015-07-29 10:44:56 +02:00
bower.json add backbone.js 2015-08-06 00:00:40 +02:00
buildjsdocs.sh
console.php
CONTRIBUTING.md
COPYING-AGPL
COPYING-README
cron.php
db_structure.xml Store storage availability in database 2015-07-20 16:27:26 +01:00
index.html
index.php
indie.json
issue_template.md
occ
public.php
README.md
remote.php
robots.txt
status.php
version.php Bump version patch number, fixes #18129 2015-08-11 14:43:32 +01:00

ownCloud

ownCloud gives you freedom and control over your own data. A personal cloud which runs on your own server.

Build Status on Jenkins CI

Git master: Build Status

Quality:

  • Scrutinizer: Scrutinizer Quality Score
  • CodeClimate: Code Climate

Depencencies:

Dependency Status

Dependency Status

Installation instructions

https://doc.owncloud.org/server/8.2/developer_manual/app/index.html

Contribution Guidelines

https://owncloud.org/contribute/

Get in touch

Important notice on translations

Please submit translations via Transifex: https://www.transifex.com/projects/p/owncloud/

Transifex

For more detailed information about translations: http://doc.owncloud.org/server/8.2/developer_manual/core/translation.html