[SECURITY] Client-Side encryption not working #824
Comments
|
Use encrypted library. |
|
how? I cannot find how to do it |
|
When you create a library, choose the option of encryption |
jonaysanz
changed the title
|
There's a Securrity Issue on client-side encryption. I uploaded a video with my test. If isn't like this, explain me. I used encrypted library. |
|
I get what you are talking about now. Client side encryption only work when you sync files via the desktop client. We have removed the support of client side encryption via web browser. It is hard to maintain. |
|
When uploading files via the browser(with and without ssl) in an encrypted library, it will be stored encrypted on the server? |
|
afaik your key will be cached on the server for one hour in this case and the servery encrypts your data. So you should use ssl for that. And you should trust the server running seafile otherwise it would be better not to type in your enrypted library password in the browser (which sends it to the server to encrypt your files there). |
|
@shoeper thx! |
Client-Side encryption is not working. My files are been uploaded in a plain way.
Steps to reproduce it:
1- Install and deploy seafile on your computer
2- Do not use HTTPS. Only plain HTTP
3- Write a TXT file with any content
4- Open WireShark to capture network requests
5- Upload file
On WireShark you can see in a request your TXT file
The text was updated successfully, but these errors were encountered: