First of all, let me state clearly that this post is NOT asking for an insecure NC installation.
A customer of mine is looking for a cloud solution. His clients (other companies) will send him very large files, and he also creates (large) files which his clients should be able to fetch on demand.
The requirements for the cloud solution:
No username / passwords
He wants to issue a short-term token (valid for 1 or 2 days) for a given file (or subdirectory) to his client and the client is able to fetch the objects which are associated with the given token within the specified time frame.
It is not yet clear how his clients can submit their files to him and store them in his cloud in a secure manner.
My customer is currently interested in a Western Digital (WD) solution because he thinks that this is the simplest alternative for him and his clients.
AFAIK NextCloud cannot handle tokens in the way described above. Can somebody point me to a NC-based solution which is as simple as the WD solution (or even better)? No need to elaborate the solution in detail.
As a commercial solution I suggest Seafile: Seafile - Open Source File Sync and Share Software
The software is open source, but as usual in the Linux world you can buy the service for hosting, setup, etc.
My company is using this solution on a larger scale for about 30000 people. But whatever solution you might choose, please consider: you must share specific files or directories via a link, or your partner/customer has an account. On the question of data security, please consider that a link without a PIN code or password is comfortable but not secure, because everyone who has the link has access to the data.
In order to handle critical data, the only way I see is to use the federal options of Nextcloud, which requires running an instance on both sides.
If, and this is a big if, you have a Single Sign-On structure in your company, you might choose Nextcloud's option to use Kerberos tickets. This feature has been stable since version 20 and needs a good administrator who knows what he is doing. In this scenario your client would just log in one time when he is starting Windows and then just type in the URL of the Nextcloud and be granted secure access without typing in a username or password.
If this is too crazy to set up for you, maybe consider the possibility of using passwordless login via YubiKey.
Hit the “Share” button and press the “+” button beside “Share link”. Set a share with NO PASSWORD. Now hit the 3-dots menu beside the share link option and check the box “Set expiration date”. Now you can copy the link and send it to a client. The link itself will include a special token and will work until the link expires.
If the option to unselect “password protection” is not available, you can enable it in Settings → Administration → Sharing, and uncheck the option “Enforce password protection”.
Thanks a lot for your suggestions. I know about the existence of Seafile but I never deployed it. It’s worth a test installation. I don’t know yet if my customer is willing to spend money for professional Seafile software.
FYI for point (4) about secure client uploads… NC shares have an option to be set up as “drop only”. This allows for customers to make uploads, but nobody except an authorized logged in user will have access to the data that was uploaded.
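The expiring share link and the “drop only” share described in the replies above can also be created through Nextcloud's OCS Share API instead of the web UI. The following is an added example, not part of any post in this thread and not Nextcloud's own code; the host name, account, app password and paths are constructed placeholders, and the 2-day cap is an assumption taken from the requirement in the question.

```python
import base64
import datetime as dt
import urllib.parse
import urllib.request

OCS_SHARES = "/ocs/v2.php/apps/files_sharing/api/v1/shares"
SHARE_TYPE_PUBLIC_LINK = 3
PERM_READ, PERM_CREATE = 1, 4   # OCS permission bits; 4 alone on a folder = upload-only drop
MAX_DAYS = 2                    # assumed policy: links live 1 or 2 days


def share_params(path, days, drop_only=False, today=None):
    """Form fields for a password-less public link that expires after `days`."""
    if not 1 <= days <= MAX_DAYS:
        raise ValueError(f"link lifetime must be 1..{MAX_DAYS} days, got {days}")
    if not path.startswith("/") or ".." in path.split("/"):
        raise ValueError("path must be absolute inside the user's files")
    today = today or dt.date.today()
    return {
        "path": path,
        "shareType": str(SHARE_TYPE_PUBLIC_LINK),
        "permissions": str(PERM_CREATE if drop_only else PERM_READ),
        "expireDate": (today + dt.timedelta(days=days)).isoformat(),
    }


def build_request(base_url, user, app_password, params):
    """Prepare (but do not send) the OCS call; credentials only go over HTTPS."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send credentials over plain HTTP")
    cred = base64.b64encode(f"{user}:{app_password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + OCS_SHARES + "?format=json",
        data=urllib.parse.urlencode(params).encode(),
        headers={"OCS-APIRequest": "true", "Authorization": f"Basic {cred}"},
        method="POST",
    )


if __name__ == "__main__":
    # Constructed placeholders: host, account and paths are not from the thread.
    download = share_params("/outgoing/report.zip", days=2)
    upload = share_params("/incoming/client-a", days=1, drop_only=True)
    for p in (download, upload):
        req = build_request("https://cloud.example.com", "owner", "app-password", p)
        print(req.get_method(), req.full_url, p)
        # urllib.request.urlopen(req) would create the share; the JSON reply
        # carries the link under ocs.data.url.
```

Because the link is the only credential, the lifetime check in `share_params` is what keeps a leaked URL from staying usable; use an app password rather than the account password for the API call.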