Security Aspects of Infinite Scale
This document gives you an overview of the different security measures of Infinite Scale.
Infinite Scale uses a microservices architecture. But instead of handling authorization and authentication in each service, an API gateway (the proxy service) has been implemented to handle these tasks. All requests have to go through this gateway. This has the positive effect that all other services can be hidden behind a firewall, which reduces the attack surface dramatically.
A reverse proxy in front of the API gateway allows implementing further protection mechanisms like request rate limiting or blocking requests from sources which seem to be doing malicious actions like DoS or Slowloris attacks.
All Infinite Scale services support request tracing. This means, you can monitor the path a request takes and which services are involved, etc. In addition to that, all logs can be aggregated by common software like graylog, splunk, etc. This not only helps with administrating the services, but can also aid in detecting malicious behavior by analyzing the logs or traces.
Infinite Scale does not rely on a proprietary user management system, instead it uses OpenID Connect. For small instances or testing purposes, a minimal LDAP Service named IDM is included. For anything else, it is recommended that customers hook to their own OpenID Connect provider using the IDP service. If you don’t have an OpenID Connect provider available, use secure standard software like Keycloak to connect to the existing user management system, like Active Directory or any LDAP server.
Infinite Scale provides a flexible role system, which allows the permissions of roles to be customized or custom roles to be defined in the system. This way, permissions for certain roles can be restricted to the absolute minimum.
Compared to the apps/extensions in ownCloud 10, the Infinite Scale extensions/services are more secure because they are developed and deployed as standalone services. They communicate via APIs with the core services and therefore can only use specific interfaces instead of having direct access to storages and data. A single extension which behaves incorrectly cannot corrupt the whole system.
Infinite Scale is designed to work without a database. This means fewer services are required, which reduces potential vulnerabilities.
Developing Infinite Scale from scratch, ownCloud decided to switch from PHP to Golang. This eliminates a bunch of security risks that come with PHP, like Remote File Inclusion, Local File Inclusion and others. Golang also has a good file system API easing the protection against directory traversal issues.
The fact that Golang is statically typed helps reduce the amount of logic errors.
The web client ownCloud Web of Infinite Scale is implemented with Vue.js. This supports securely displaying user input since everything displayed is being escaped by default.
Development has processes in place to automatically monitor the dependencies in the projects used. This helps to detect vulnerable dependencies at an early stage and enables patching as soon as possible.
When any security issues have been fixed, ownCloud makes sure to release a patched version as soon as possible and notifies customers via several communication channels like the security advisories on our website, via E-mail or the Community Forum web page.
ownCloud follows development best practices which include:
All code is being reviewed by multiple people.
The code is statically analyzed by various tools to find bugs or security issues at an early stage.
Make use of defensive development patterns like input validation and proper error handling.