Security Articles
Files Access Control
Nextcloud’s File Access Control app enables administrators to create and manage a set of rule groups. Each of the rule groups consists of one or more rules. If all rules of a group hold true, the group matches the request and access is being... Read More
Bruteforce protection and Reverse Proxies
Nextcloud offers native support against brute force protection attacks, thus significantly enhancing your users' security. The protection works on a per IP basis; this means that once a single IP address has performed too many invalid logins... Read More
Using the audit log
The following information can be retrieved from the audit log if the app Auditing/Logging is enabled: Files File created accessed updated renamed copied removed deleted File version restored deleted File shared with/unshared from (including... Read More
SELinux configuration
Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel. If you install Nextcloud on a Linux distribution where SELinux is enabled, you may encounter permission issues with your Linux... Read More
Nextcloud and Virtual Data Room configuration
Nextcloud offers a number of features in the Virtual Data Room space which allow the creation of a collaboration environment that is walled off from other data and decreases the chance for data leakage. Note that there is a wide range of abilities... Read More
How does the server-side encryption mechanism work?
After initial login of the user, a public and private key pair are generated and stored in the /files_encryption/ folder in the data folder.The private key is encrypted with a PBKDF2 derivate of the login password using the SHA256 cipher and going... Read More