> - The last part is about security-authenticating issues
>    - What credentials should be used for the SyncML server
>    authentication? The same as for the owncloud authentication? We should
>    allow the user to make as many accounts as he wants?
>

phpsyncML's authentication mechanism is yet to be integrated with owncloud's. But we should go with a single authentication mechanism.

>    - PHPSyncML server doesn't support MD5, so, by now, all the passwords
>    are transmitted in plain text. You can see them with wireshark. I'm sure
>    that the passwords are stored encrypted in the owncloud database. So, a
>    couple of solutions come to my mind. (I know that MD5 is no longer
>    secure, but it's still a standard, and at least is something...)
>       - Implement the feature of handling MD5 passwords by the PHPSyncML
>       server somehow
>

Can be easily done :)

1. Get the username and password encrypted using MD5 from the client.
2. Compare it to the encrypted username and password in owncloud.

>       - As far as I know, if the connection itself is encrypted (HTTPS), it
>       should not matter if the passwords are transmitted in plain text.
>       The main drawback of this solution is that the owncloud server MUST
>       have enabled the HTTPS feature to use SyncML feature, and having
>       HTTPS enabled is not so trivial. (I mean, maybe some of the standard
>       hosting services don't support it, I don't know)
>

Well, for authentication, encrypting the authentication phrases should be sufficient. But for data security HTTPS is the way to go. We could (before HTTPS is implemented) encrypt the data at the client side easily using the funambol SDK, and decrypt the data in phpsyncML.

> Kunal, you're working also with SyncML, how do you plan to manage those
> security issues?
>

As explained above.

--
regards,
Kunal Ghosh
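
The MD5 credential check discussed in this thread, as an added example that is not code from the thread, PHPSyncML or ownCloud. It assumes the SyncML 1.1+ `syncml:auth-md5` layout, `B64(MD5(B64(MD5("user:password")) ":" nonce))`, which means the server has to keep a value derived from `MD5(user:password)` for each user; the function names and the sample account are hypothetical.

```php
<?php
// Added example: server-side check of a SyncML "syncml:auth-md5" credential.
// Assumed digest layout (SyncML 1.1 and later):
//   cred = B64( MD5( B64(MD5("user:password")) ":" nonce ) )

// Value to store per user at password-set time (hypothetical helper).
// It is password-equivalent for SyncML, so protect it like a password.
function syncml_md5_verifier(string $user, string $password): string
{
    return base64_encode(md5($user . ':' . $password, true));
}

// Fresh nonce sent to the client in the <NextNonce> of a challenge.
function syncml_new_nonce(): string
{
    return random_bytes(16);
}

// What a client computes from its credentials and the server's nonce.
function syncml_md5_cred(string $verifier, string $nonce): string
{
    return base64_encode(md5($verifier . ':' . $nonce, true));
}

// Server side: recompute from the stored verifier, compare in constant time.
function syncml_md5_check(string $storedVerifier, string $nonce, string $credFromClient): bool
{
    $expected = syncml_md5_cred($storedVerifier, $nonce);
    return hash_equals($expected, $credFromClient);
}

// Constructed sample data, not taken from the thread.
$stored = syncml_md5_verifier('alice', 'correct horse');
$nonce  = syncml_new_nonce();

$good = syncml_md5_cred(syncml_md5_verifier('alice', 'correct horse'), $nonce);
$bad  = syncml_md5_cred(syncml_md5_verifier('alice', 'wrong guess'), $nonce);

var_dump(syncml_md5_check($stored, $nonce, $good));   // valid credential
var_dump(syncml_md5_check($stored, $nonce, $bad));    // wrong password

// A captured credential fails once the server has issued a new nonce.
var_dump(syncml_md5_check($stored, syncml_new_nonce(), $good));
```

The digest covers only the credential exchange; the synchronized data itself is still readable on the wire unless the connection uses HTTPS.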
