Good afternoon,
we noticed in our federated Nextcloud instances that for any federated share there is a token link created in the database (/s/). Our security team has concerns about them being possibly brute forced and hence sensitive data possibly being leaked; has anyone deeper insight if this might be a security concern? If not, why not?
With sincere regards, Günther
Hello @GLK, welcome to the Nextcloud community.
This forum is primarily operated by volunteers and has no resources for commercial support, please request professional service from Nextcloud GmbH.
federated shares are not anonymous AFAIK the systems exchange kind of password or token. Please ask you security team to look at the logs (and access the URL they found as very simple check).