Securedrop / how to force file droppers to provide an email + authorized files extensions

ℹ️ Support
1

Nextcloud version: 21.0.3
Operating system and version: Ubuntu 20.04
Apache or nginx version: Apache 2.4
PHP version: 7.4.3

The issue you are facing:

Hi there,
I’m trying to set up a securedrop space on my NC instance.
Works pretty well so far, but I can’t seem to be able to find 2x options that I think are essential – either 'cause I can’t find them, or 'cause they just do not exist (that’d be surprising) –

Is it possible & how to :

  • force file droppers to provide an email
  • set up for each folders in which you allow file dropping, a list of authorized file extensions ?

Thanks in advance for any feedbacks and leads on this.

2

I’m not aware this is possible.

  • to satisfy the first requirement you can provide everybody with separate file-drop URL. This is not a real identification but if you assume people don’t share their individual access information (and optional password) you can have separated file-drop for each user…
  • second requirement might be possible using Flow
3

If users must provide their email then nextcloud must test the email e.g. with a password or tan.

Normally the way is reverse. You share a folder to a an email and hopefully the receiver does to share it to another person. If you use email as target at sharing or copy the link and send an email does not matter. With file-drop nobody can see the uploaded files.

To “force” it you can use the app guests. Then the person gets an own account for the email and must set a password. Watch this video for details.

A user can always share his password with third parties whether Nextcloud or Internet banking. You can’t prevent that at all. Also Apple, Google, Microsoft, Amazon and Facebook can not do it. Do you want my Google credentials? I can sent them with PM :wink:

1 Like
4

Thanks for your answers.

Actually, I’m looking for a way we could use nextcloud as a WeTransfer kind of service. We already use it the right way inside our organization but we also have to deal with a lot of external sollicitations, implying file dropping. Hence my questions

Set a specific folder and/or a password for each and every file dropper is just impossible, considering how many they can be in a single day.

I’ll have a look at “Guests”, hoping it will suitmy needs.