What the title says. I was looking into paperless-ngx but it seems to offer no built-in security. I’d ideally want some kind of encryption and if i enable remote access have some control over sensitive documents

  • cooopsspace@infosec.pub
    link
    fedilink
    English
    arrow-up
    12
    ·
    edit-2
    1 year ago

    This has been exceptionally done to death on Reddit but I’ll say it here since Reddit is dead.

    Authentication -

    If what you’re looking for is a login front end you could check out paper merge - personally I’ve got Keycloak and Nginx running so I can just make my own login page anyway and put paperless behind it.

    Stuff with sensitive documents should probably not be on the internet anyway unless you’re a really advanced user.

    Encryption -

    In app encryption offers no security because the encryption key is stored in RAM and likely a database entry that must be unencrypted.

    So the Devs are 100% correct in stating that it gives people a false sense of security to offer it as a feature.

    Best bet is to have an encrypted filesystem or alternative encrypted storage buuuut, also understand that encryption key is also stored in RAM.

    TLDR: There is no point in Devs offering in app encryption when you should already be encrypting the filesystem.

    • pianoplant@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Thank you, very helpful! And also thanks for putting this info on lemmy :) I figured asking the question here was a good way to get some of that insight here.