Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Access to uploaded files & choice of folder to keep & manage files after OF restart #10

Open
ClaudeStabile opened this issue Aug 2, 2019 · 7 comments
Open

Security Access to uploaded files & choice of folder to keep & manage files after OF restart #10

ClaudeStabile opened this issue Aug 2, 2019 · 7 comments

Comments

@ClaudeStabile
Copy link

Hello,

httpupload is uploading file in a public area. If link to file is found, anyone can access it. Ideally we should have an option to restrict file access to signed OF users only to provide a better security with uploaded files. This option could be activated or not as we need a public access in some cases.
For storage location if a specific folder could be specify it would be helpfull. No erase on restart and ideally possible file management : no erase ; erase when max is reached, erase daily, weekly...

I understand that it is not an issue but rather enhancement suggestions. If it could be added it would be Great :)

Claude-
@wrooot
Copy link
Contributor

wrooot commented Aug 2, 2019

This is ok to post feature requests here. Although it is preferable one per ticket 😊 i suggest keeping this ticket for the secure url and move stuff about file and folder management to a new one.

For secure link to work users would have to somehow login to the server on the web besides the regular login in a client. Maybe http bind can be used for it. Not sure if this can be automated or at least do only one login first time.

Btw, that would go against the standard's requirement:

Do not provide any kind of access control or security for file retrieval beyond Transport Layer Security in form of HTTPS and long random paths that are impossible to guess. That means everyone who knows the URL SHOULD be able to access it.

https://xmpp.org/extensions/xep-0363.html

@ClaudeStabile
Copy link
Author

ClaudeStabile commented Aug 3, 2019
edited

@wrooot Thanks a lot for yr detailed & precise answer. I fully understand limits of security suggestion as it goes against xep-0363. Any improvement for uploaded file enhanced security would be an asset. thanks a lot for considering the point.
Thanks also for considering a better storage management improvement for uploaded files, purge & specific no tmp folder.

@guusdk
Copy link
Member

guusdk commented Nov 12, 2019
edited

Although I've not tested this myself yet, it should be possible to use another folder than a tmp folder by setting the property plugin.httpfileupload.fileRepo to a location on disk (since version 1.1.1)

@ClaudeStabile
Copy link
Author

@guusdk : Thanks a lot this change/enhancement, it will be very helpful. I will investigate ASAP and test but probably a very nice way to fix attachement files that get purged into /tmp when docker instances are restarted 👍 COOL !!!
:)

@ClaudeStabile
Copy link
Author

@guusdk : Just to confirm that i manage to configure the plugin to keep my files on a docker volume for each openfire instances using variable plugin.httpfileupload.fileRepo. Attachement files are now manageables and it cope with docker technology. Files are located in a safer place outside each docker instances. Such a solution is much more safer and better than usual sqllite database on each client phone as whatsapp telegram does. Local sqllite storage for sensitive attachement and files is a stupidity that bring many possible security exploits and overflows
Thanks for your efforts and changes made !

@fais3000
Copy link

fais3000 commented May 11, 2020
edited

@ClaudeStabile Can you please share your configuration for plugin.httpfileupload.fileRepo for docker setup? When I add a value of "/var/lib/openfire/files" I got 403 on PUT.

Note /var/lib/openfire is already shared with the docker host.

Here is my docker-compose

version: '2'
services:
  openfire:
    container_name: openfire
    image: kaneymhf/openfire
    ports:
      - "9090:9090/tcp"
      - "9091:9091/tcp"
      - "5223:5222/tcp"
      - "7777:7777/tcp"
      - "7070:7070/tcp"
      - "7443:7443/tcp"
    volumes:
      - /srv/docker/openfire/data:/var/lib/openfire
      - /srv/docker/openfire/logs:/var/log/openfire

@ClaudeStabile
Copy link
Author

ClaudeStabile commented May 11, 2020
edited

@fais3000
Hello, to awswer your questions : What i am doing is
-Create an openfire with a "docker run" instruction with -v to specifify an outside volume/mount to store attachements so something like :
docker run --name www -v /data/ATTACHEMENTS/WWW:/attachements/WWW
In this case data are stores into /data/ATTACHEMENTS/WWW on the main host
Then configure Openfire variables of your docker instance to target /attachements/WWW
Configure at least plugin.httpfileupload.fileRepo and plugin.httpfileupload.maxFileSize to modify max file size
See also attachement
screenshot5
You need to create a dedicated volume for it

Many thanks @guusdk for this hack, we can now manage & keep attachement for all openfire instances, it helps a lot.

Hope this helps your quest

Claude-

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@guusdk @wrooot @fais3000 @ClaudeStabile