Note that by default php's http stream wrapper does not verify the hosts ssl certificate.
This means that the installer is susceptible to mitm attacks. The verify_peer context option must be turned on: http://www.php.net/manual/en/context.ssl.php Evert On Oct 8, 2012, at 11:57 PM, Frank Karlitschek wrote: > More good news everyone. > > I updated the new web based installer to download the latest ownCloud zip > from our ssl server. This means that we are now protected against man in the > middle attacks. > https://github.com/owncloud/administration/tree/master/web-installer > > This will be a new and supported way to install ownCloud from now on. The > benefits for users are: > You only have to upload one php file to your webserver to install ownCloud. > No need to unzip it or understand what an archive is. > It automatically fixed the file permissions on the server so you donĀ“t need > cli or unix know how and ownCloud can update itself because the files are > owned by the webserver user. > > So installing ownCloud should be super easy now for unexperienced users. > > It can be downloaded from here: > https://download.owncloud.com/download/community/setup-owncloud.php > > > Have fun. > > Frank > > > > _______________________________________________ > Owncloud mailing list > [email protected] > https://mail.kde.org/mailman/listinfo/owncloud _______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
