this post was submitted on 22 Sep 2023
18 points (95.0% liked)

Selfhosted

39251 readers
357 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
18
what are you all doing for secure DMS? (lemmy.world)
submitted 1 year ago by pianoplant@lemmy.world to c/selfhosted@lemmy.world
8 comments fedilink hide all child comments
 

What the title says. I was looking into paperless-ngx but it seems to offer no built-in security. I'd ideally want some kind of encryption and if i enable remote access have some control over sensitive documents

you are viewing a single comment's thread
view the rest of the comments
[–] cooopsspace@infosec.pub 11 points 1 year ago* (last edited 1 year ago) (1 children)

This has been exceptionally done to death on Reddit but I'll say it here since Reddit is dead.

Authentication -

If what you're looking for is a login front end you could check out paper merge - personally I've got Keycloak and Nginx running so I can just make my own login page anyway and put paperless behind it.

Stuff with sensitive documents should probably not be on the internet anyway unless you're a really advanced user.

Encryption -

In app encryption offers no security because the encryption key is stored in RAM and likely a database entry that must be unencrypted.

So the Devs are 100% correct in stating that it gives people a false sense of security to offer it as a feature.

Best bet is to have an encrypted filesystem or alternative encrypted storage buuuut, also understand that encryption key is also stored in RAM.

TLDR: There is no point in Devs offering in app encryption when you should already be encrypting the filesystem.

[–] pianoplant@lemmy.world 3 points 1 year ago

Thank you, very helpful! And also thanks for putting this info on lemmy :) I figured asking the question here was a good way to get some of that insight here.