Tighter Security in OwnCloud v9
OwnCloud is a free Web-based app that provides Dropbox-style file hosting. With the release of version 9 on the horizon, it's a good time to take a look at the improved security features.
Storing your data in the cloud is highly convenient, but it does increase the risk of data theft or tampering. Security is an essential feature of any cloud-based storage platform. And, security is a never-ending arms race between developers and crackers.
In the Open Source world, we have a major advantage in that the code is available for everyone to see. This makes it much easier for the community to spot weaknesses and contribute fixes. If two heads are better than one, millions of heads are even better.
Of course, as with any arms race, we can't afford to stand still. So the upcoming release has a number of important improvements in the area of security. The most important one is code signing.
Although many security measures are designed to prevent attackers from corrupting code, there is still a risk that it can happen, so it's important to have an added level of security that can detect and respond to an attack after it has happened. Code signing is such a mechanism.
If attackers manage to gain access to your OwnCloud installation, they could alter the code or configuration files for their own purposes. There's almost no limit to the malicious mischief they could wreak, and often there's no external sign that the code has been corrupted.
Code signing changes that. It uses a cryptographic hash function to create a unique string of symbols that represents the contents of the files. If attackers change any of those files, even by so much as a single character, the string of symbols will be different from the expected string.
As a developer or administrator, you can create a unique string for your code using a private key (that you keep private on your computer). Without the key, attackers are unable to falsify the hash string to trick the code-signing system.
The system checks the security hashes at specific points, such as when you install OwnCloud or when it is updated. If it detects a corruption, it will halt the execution and send you a message immediately.
The same goes for third-party applications. OwnCloud allows users to add applications to extend the basic functionality. If one of those applications contained an infection, it could compromise the entire system, but digital signing ensures that the app hasn't been altered by a third party.
This extra layer of security protects against a wide range of attacks, including the most extreme situation. Imagine if the official app store were hacked. Then attackers could spread their infected code to the entire community with every app that was downloaded. But, code-signing means that the infection would be detected during the installation process. The infected app would be rejected before it could cause any damage.
Code signing is just one of the new features coming to OwnCloud v9.
Pick up any e-commerce web or mobile app today, and you’ll be holding a mashup of interconnected applications and services from a variety of different providers. For instance, when you connect to Amazon’s e-commerce app, cookies, tags and pixels that are monitored by solutions like Exact Target, BazaarVoice, Bing, Shopzilla, Liveramp and Google Tag Manager track every action you take. You’re presented with special offers and coupons based on your viewing and buying patterns. If you find something you want for your birthday, a third party manages your wish list, which you can share through multiple social- media outlets or email to a friend. When you select something to buy, you find yourself presented with similar items as kind suggestions. And when you finally check out, you’re offered the ability to pay with promo codes, gifts cards, PayPal or a variety of credit cards.Get the Guide
- Linux Journal December 2016
- Stepping into Science
- CORSAIR's Carbide Air 740
- A Better Raspberry Pi Streaming Solution
- More on Using the Bash Complete Command
- Tyson Foods Honored as SUSE Customer of the Year
- Tech Tip: Really Simple HTTP Server with Python
- Radio Free Linux
- The Tiny Internet Project, Part II
- Returning Values from Bash Functions