What are the security risks of using Local Storage?

Can someone please offer a more detailed explanation on the significant security risks of Local Storage, as mentioned right here in the official documentation.

Click here for a related conversation, since running Syncthing alongside Nextcloud is easiest when mounting folders as local storage + allowing user of both Syncthing and Nextcloud to be www-data.

What I think is meant is that only admins shall be able to mount local storage. If users could mount local storage they could put PHP programs into the execution path and the code would be executed. You don’t want every authenticated user to do that … do you?

I see. What I want is for Nextcloud and Syncthing to work in harmony as mentioned in server issue #8384. Syncthing offers multiple major features, amongst them LAN, p2p, and Delta Sync, that would totally benefit Nextcloud. As you mentioned, Nextcloud’s web interface (and mobile apps) are nice for Syncthing. This is especially important for those of us who just connect as a small group rather than a global scale mega-company. If Nextcloud would scale on a more local level, it could really benefit us by having more robust sync options for the overall platform.

See previous discussion post on integrating Syncthing and Nextcloud in the:

There are countless requests and discussions about this on various posts, forums, and github requests… I’d love to bring all interested parties together in the hopes of a better integration between these platforms.

It could also be used to mount directories which contain sensitive files and read them or somebody could even edit binaries in certain cases which could execute malicious code if started.

This topic was automatically closed 25 days after the last reply. New replies are no longer allowed.