Open tobiasKaminsky opened 5 years ago
@camilasan @marinofaggiana
@tobiasKaminsky yes, this is a true issue ....
We need to check this before allowing to share…
Even more problematic is, that a malicious admin still can share this. So we have to make sure during runtime on clients that this is the correct folder.
One solution would be that our clients refuse to upload/modify metadata file if they had a problem with decrypting it.
--> this will create problems, e.g. other user can overwrite metadata file if they upload a file into the encrypted subfolder
We need to check this before allowing to share…