this post was submitted on 29 Nov 2023
0 points (50.0% liked)

Self-Hosted Main

515 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica

"The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL"

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 11 months ago (5 children)

That's why I keep nextcloud behind http basic auth. Don't trust those software to expose them directly to Internet.

[–] [email protected] 1 points 11 months ago (2 children)

Basic auth is better than no auth, but it is absolutely not a recommended auth method these days

[–] [email protected] 1 points 11 months ago (1 children)

I use it on top of nextcloud auth

[–] [email protected] 1 points 11 months ago

Basic auth is a base64 of your login credentials, might as well be plain text. You should absolutely not be using basic auth if you have other options

load more comments (2 replies)