-
Notifications
You must be signed in to change notification settings - Fork 23
add why OpenCloud is secure #379
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
Svanvith
wants to merge
2
commits into
main
Choose a base branch
from
add-why-oc-is-secure
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+143
−0
Open
Changes from all commits
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,143 @@ | ||
| --- | ||
| id: opencloud-security | ||
| title: Security in OpenCloud | ||
| sidebar_position: 3 | ||
| description: "Overview of OpenCloud's security architecture, encryption, access control, and compliance." | ||
| --- | ||
|
|
||
| # 🔐 OpenCloud Security Overview | ||
|
|
||
| OpenCloud was designed with a strong focus on **security**, **data protection**, and **modern IT architecture**. This page outlines the key security mechanisms that make OpenCloud a secure and reliable solution for organizations of all sizes. | ||
|
|
||
| --- | ||
|
|
||
| ## 1. Encryption | ||
|
|
||
| OpenCloud protects your data both in transit and at rest using industry-standard encryption technologies: | ||
|
|
||
| - **Transport Layer Security (TLS)** | ||
| All data transmitted between clients and servers is encrypted using **TLS**, ensuring secure communication and protection from man-in-the-middle attacks. | ||
|
|
||
| - **Server-Side Encryption (S3 SSE)** | ||
| When using S3-compatible storage, OpenCloud supports **S3 Server-Side Encryption** to secure data directly at the storage layer. | ||
|
|
||
| - **Client-Side (End-to-End) Encryption** | ||
| OpenCloud leverages the **OS-native encryption capabilities** on user devices, providing local encryption before data is uploaded. | ||
|
|
||
| --- | ||
|
|
||
| ## 2. Access Control & Authentication | ||
|
|
||
| OpenCloud includes robust mechanisms for authentication and access management: | ||
|
|
||
| - **Role-Based Access Control (RBAC)** | ||
| Fine-grained permissions based on **roles** ensure users have access only to what they need. | ||
|
|
||
| - **Multi-Factor Authentication (MFA)** | ||
| Enhance account security with optional **two-factor authentication**. | ||
|
|
||
| - **Single Sign-On (SSO) Integration** | ||
| OpenCloud supports seamless SSO via: | ||
| - **LDAP** | ||
| - **SAML** | ||
| - **OAuth 2.0** | ||
|
|
||
| --- | ||
|
|
||
| ## 3. Auditing & Logging | ||
|
|
||
| - **Audit Trails** | ||
| Every security-relevant action is logged for compliance and traceability. | ||
|
|
||
| - **Monitoring APIs** | ||
| Expose detailed logs to integrate with existing monitoring and SIEM systems. | ||
|
|
||
| --- | ||
|
|
||
| ## 4. File Protection & Antivirus | ||
|
|
||
| OpenCloud provides integrated protection against threats and data leaks: | ||
|
|
||
| - **File Firewall** | ||
| Prevent uploads of unwanted file types using **allow/deny rules**. | ||
|
|
||
| - **Antivirus Integration** | ||
| - **ClamAV (default)**: Detects malware in uploaded files. | ||
| - **ICAP support**: Enables external antivirus scanners via **ICAP** protocol. | ||
|
|
||
| - **Data Loss Prevention (DLP)** | ||
| - **Collabora Secure View** ensures files cannot be downloaded or copied — only opened securely in the browser. | ||
|
|
||
| --- | ||
|
|
||
| ## 5. Secure File Sharing | ||
|
|
||
| Sharing is powerful — and secure: | ||
|
|
||
| - **Enforced Passwords for Public Links** | ||
| Public links are always protected with passwords. Admins can define strict sharing policies. | ||
|
|
||
| - **FileDrop Uploads** | ||
| External users can upload files **without accessing internal data**. | ||
|
|
||
| - **Expiration for Shared Links** | ||
| Automatically remove access after a defined expiration date. | ||
|
|
||
| - **Granular Sharing Permissions** | ||
| Control actions on shared files: read-only, editing, upload permissions, and more. | ||
|
|
||
| --- | ||
|
|
||
| ## 6. Secure Architecture | ||
|
|
||
| Built with modern, security-first technologies: | ||
|
|
||
| - **No PHP** | ||
| Unlike traditional solutions, OpenCloud is written in **Go (Golang)** — fast, secure, and efficient. | ||
|
|
||
| - **Vue.js Frontend** | ||
| The web interface is built with **Vue.js**, a modern and secure JavaScript framework. | ||
|
|
||
| - **REST API** | ||
| A comprehensive **REST API** allows secure automation and integrations. | ||
|
|
||
| --- | ||
|
|
||
| ## 7. Data Protection & GDPR Compliance | ||
|
|
||
| OpenCloud fully supports **data protection regulations**, including: | ||
|
|
||
| - **GDPR-Compliant Data Export** | ||
| Every user can request a personal data export that meets GDPR standards. | ||
|
|
||
| --- | ||
|
|
||
| ## 8. Security Processes | ||
|
|
||
| OpenCloud has a clearly defined security policy: | ||
|
|
||
| - **Responsible Disclosure Process** | ||
| Security issues are handled via a responsible disclosure program. | ||
|
|
||
| - **Regular Penetration Testing** | ||
| Vulnerabilities are actively tested and remediated. | ||
|
|
||
| - **Fast Security Updates** | ||
| Thanks to container-based deployment, patches and updates are rolled out quickly. | ||
|
|
||
| - **[Security Policy](https://github.com/opencloud-eu/.github/blob/main/profile/SECURITY.md)** | ||
| Transparent and documented handling of vulnerabilities. | ||
|
|
||
| --- | ||
|
|
||
| ## Conclusion | ||
|
|
||
| OpenCloud combines **modern security architecture**, **advanced encryption**, and **enterprise-grade access control** with: | ||
|
|
||
| - Secure, microservices-based backend | ||
| - Vue.js-based frontend with modern web security | ||
| - Antivirus, DLP, and secure sharing controls | ||
| - GDPR-compliant data access and export | ||
| - Fast and secure containerized deployments | ||
|
|
||
| > OpenCloud is the right choice for teams and organizations that prioritize **data protection**, **compliance**, and **security by design**. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really dont like this. Why is go more secure than php ? Mistakes can be done in every language. Sounds like bashing for no reason.