
Improve device wipe docs

Open michael-markl opened this issue 4 years ago • 3 comments

I have a question because the documentation under https://docs.nextcloud.com/server/latest/developer_manual/client_apis/RemoteWipe/index.html is a bit spartan:

Does wiping also remove the API access of the device?

The attack vector is a stolen, unencrypted device. Once it is noticed that the device was stolen, the user clicks on "Wipe Device". Is it then possible for the attacker to read the token from the file system of the stolen device (possibly he neither boots the device nor starts the Nextcloud client) and retrieve user data from the server with it? Or is the token already "invalid" and no more API requests are possible (except for the wiping endpoints) once the device has been marked for wiping?

At least, that's what I would expect. If that is the case, maybe someone can update the documentation and add a sentence here?

michael-markl, Oct 12 '21 09:10

Could you ask the question on https://help.nextcloud.com/c/support/7?

ChristophWurst, Nov 30 '21 08:11

I have already asked the question without success. I think the documentation on wiping should be improved in this regard. https://help.nextcloud.com/t/does-wipe-device-also-remove-access-to-the-device/124845/2

michael-markl, Nov 30 '21 13:11

Fair enough. The forum is the place to ask the question. Here you can raise that docs are missing. But don't expect answers here.

ChristophWurst, Nov 30 '21 14:11