-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 webDav and CalDav/CardDav use normal HTTP iirc, HTTP basic auth. If this is done over SSL it is encrypted. The only problem there could be if someone manages to do a Man in the Middle attack which allows him to grab your password. That would require him to have a valid Cert for your domain though. If you check the fingerprint (or if the program does this) its close to impossible to do this. So I'd argue: As long as you can be sure that the SSL Cert is your own Cert, its way saver.
On 12/14/2013 05:20 PM, Tornóci László wrote: > On 12/14/2013 04:40 PM, Bernhard Posselt wrote: >> That feature was part of the music application, the music application >> was a security risk and had no maintainer, thats why it was dropped. >> There is a new alpha release from a different maintainer on the appstore >> which you can try. I dont think it features ampache integration. >> >> Apart from that supporting the ampache API weakens your password >> security (by a lot) and allows the use of rainbow tables to crack your >> password. Just sayin. > > That's something I thought of myself, too. Is there a difference here between services that OC provides? There are quite a few services (webdav file, address book, calendar sync, mozilla sync). Are these services any better from the security point than the ampache API? The more services we use on different gadgets the more the security risk, that is clear. But is there any difference between services? Just curious. > > Yours: Laszlo >> >> On 12/14/2013 04:30 PM, Tornóci László wrote: >>> On 12/14/2013 04:16 PM, Duarte Velez Grilo wrote: >>>> Oh, my bad then. I was under the impression there was an ampache server >>>> that we could connect to before. Am I wrong? >>> >>> No, you are not. I definitely remember, that I could use several >>> ampache clients to connect to OC and listen to my music files stored >>> in OC successfully (the clients were: Amarok on linux pc, and "Just >>> player" and "Ampache provider" on an Android tablet). But that was >>> several months ago, can't remember if it was 4.x or 5.0. But it used >>> to work for sure, and I think that was a very nice and useful feature. >>> It should not be dropped from OC. >>> >>> Yours: Laszlo >>> >>> > > _______________________________________________ > Owncloud mailing list > [email protected] > https://mail.kde.org/mailman/listinfo/owncloud -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSrOaDAAoJEC7c8FtZDzUzXyIP/RJ2jLVyFJ6ammv5CL9o9aM/ 6kFBf03tx1BYGQpo3DC1ynDRx4cNfHtELejrZWBx4GObWL8uXKFtWj+EiJthT7rC tYfer/4Iv/lGr+CQp++OSwDKbiR9SkmZ94DF01M40lVUwCcvS6J6in9gbEUYjD7N /PrNAPNBDDSssbpcvJkUS/5rcQL7EtoYKgiUR6y1VaHRRr7AoK+LOJKd/zyjYLw9 tIyBkrWXDa7tt42XRZfKesZUwmtYq8pe+2RAWQ0hX7SSO4BG9LypDVR/VvGwOpg/ EBtIjrhxc2WbMWGijiG9ewIl0Ei9TuDDnQvTe+0yNatHUrZ9F1THCNxSyiNfW2Lh fksAohF6Fmqv4O9Np6h8f1MPD/w38FrAK3yUicaetbcBpw6BW7juyFqEYbJdrDt3 YM7TuLfpnzya0oTyCd1GD+NRDmXUMW4WHF4piw4t32nXso1lWzjkBDe95EkXfXqW 9wwtBgELYCi/v8vJy4pDD32jcUvteON9WH9YeYuooJYEEXX/MaStReXI6uKHxEii bLoMWyfAi/qTPnMHL0dFgmN6ucucshTh6PjIVr+vZVXwB4xPA2oOwxIXg+3nQsX+ PgWyQ0lKDfR9bQw5yTl218pUfnt8pjATCqmIMM+NRLbfFCzovuAHBEuZdLA2o2Rz O9wq1Zrd+iUVl1YdRoZh =HgJF -----END PGP SIGNATURE----- _______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
