-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SECURITY] Client-Side encryption not working #824
Comments
Use encrypted library. |
how? I cannot find how to do it |
When you create a library, choose the option of encryption |
There's a Securrity Issue on client-side encryption. I uploaded a video with my test. If isn't like this, explain me. I used encrypted library. |
I get what you are talking about now. Client side encryption only work when you sync files via the desktop client. We have removed the support of client side encryption via web browser. It is hard to maintain. |
When uploading files via the browser(with and without ssl) in an encrypted library, it will be stored encrypted on the server? |
afaik your key will be cached on the server for one hour in this case and the servery encrypts your data. So you should use ssl for that. And you should trust the server running seafile otherwise it would be better not to type in your enrypted library password in the browser (which sends it to the server to encrypt your files there). |
@shoeper thx! |
Client-Side encryption is not working. My files are been uploaded in a plain way.
Steps to reproduce it:
1- Install and deploy seafile on your computer
2- Do not use HTTPS. Only plain HTTP
3- Write a TXT file with any content
4- Open WireShark to capture network requests
5- Upload file
On WireShark you can see in a request your TXT file
The text was updated successfully, but these errors were encountered: