New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
server <-> server sharing #7221
Comments
@icewind1991 I think we already talked about this a bit, you could start with making public links mountable as external storage. |
Actually I thought about this the other day and found good flow how to mount the share. Instead of »user b takes the sharing link from user a and puts it into a tbd mount interface.«:
This would be a good flow because you probably know the address of your ownCloud and you don’t have to go copy the share link manually. cc @DeepDiver1975 @Gomez with whom I talked about this. What do you think @karlitschek @owncloud/designers? |
Between
and
A confirmation window is required to prevent CSRF since we have no requesttoken in such cases. |
What do you exactly mean? Couldn’t the link be added as a parameter? Like so:
ownCloud just needs a way to understand that parameter and then automatically add the file. Because from the user’s perspective, I already gave confirmation by putting in my ownCloud address. |
Your ownCloud server has no idea whether you actually sent the request by invoking an user action or by visiting a malicious site. That's how the HTTP protocol works, you have links like The CSRF token is a long random value which is sent with every request originating from the ownCloud instance that oC uses to verify that you really wanted to perform that action and not an attacker. The link looks now like
That not something that we should do.
Yes. But your own ownCloud server doesn't know that you've added the link on your own. It could also be a malicious scripts that floods your home folder. |
What we have to do is just a step in the user interaction more, if the user enters the URL he is redirected to his ownCloud instance and a modal is shown containing a question like: "Do you really want to add XYZ from Frank to your ownCloud?" |
good idea. Additionally it should be possible to do it the other way around. So you go to your ownCloud server and past somewhere the sharing link that you got from someone to mount it into your ownCloud. |
Ok, the additional confirmation sounds not too intrusive. @karlitschek yes, it should be possible both ways. |
Agree with the flow but would personally prefer inputting the remote URL into my own ownCloud as I don't necessarily want to "risk" giving away my ownCloud URL to the remote ownCloud. |
Yeah – once you mount it, your ownClouds are connected anyway. So if you don’t want to risk giving away your URL, just download the file instead. So it seems we could need 2 additional options in the »Download« dropdown:
That separation could also be done in the verification step once you are redirected to your own ownCloud. |
Or "keep in sync" instead of "connect" ? It is more explicit and the user might better understand that the file will stay up to date when accessed. |
But sync would give the impression that the remote files are stored in your ownCloud. |
Agreed. I guess we can always change the wording later. |
Start of the "client side" code for this can be found over at #8399 |
@icewind1991 does your PR contain a switch to disable server to server sharing ? |
It should be possible to mount a public link that someone receives as normal file/folder in the own ownCloud.
The scenario is this:
A hint in the public link sharing mail should be added so that the user understands that this is possible
The text was updated successfully, but these errors were encountered: