mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-28 18:03:04 +00:00
9931c4a407
I recently learned that Nextcloud 23's new profile feature — basically a way for users to share personal contact details — has a problematic default setting, profile data is shared with **everyone** by default. This means that an unauthenticated user can access personal information by accessing `nextcloud.tld/u/user.name`. The announcement of v23 states[1]: > We go a step further and introduce a profile page. Here you can put a > description of yourself, show links to, for example, social media, what > department you are in and information on how to contact you. All these > are of course entirely optional and you can choose what is visible to who! > The profile and user status are accessible also from our mobile and desktop clients. It's not mentioned that by default you share personal information[3] with everyone and personally I think that's somewhat problematic. To work around that, I decided to add an option for the recently added[2] and even set it to `false` by default to make an explicit opt-in for that feature. [1] https://nextcloud.com/blog/nextcloud-hub-2-brings-major-overhaul-introducing-nextcloud-office-p2p-backup-and-more/ [2] https://github.com/nextcloud/server/pull/31624/files [3] By default, this affects the following properties: * About * Full name * Headline * Organisation * Profile picture * Role * Twitter * Website Phone, Address and Email are not affected and only shown to authenticated users by default. |
||
|---|---|---|
| .. | ||
| config | ||
| hardware | ||
| i18n/input-method | ||
| installer | ||
| misc | ||
| profiles | ||
| programs | ||
| security | ||
| services | ||
| system | ||
| tasks | ||
| testing | ||
| virtualisation | ||
| module-list.nix | ||
| rename.nix | ||