What the title says. I was looking into paperless-ngx but it seems to offer no built-in security. I’d ideally want some kind of encryption and, if I enable remote access, have some control over sensitive documents.

  • cooopsspace@infosec.pub · 12 up / 1 down · edited · 1 year ago

    This has been exceptionally done to death on Reddit but I’ll say it here since Reddit is dead.

    Authentication -

    If what you’re looking for is a login front end you could check out Papermerge - personally I’ve got Keycloak and Nginx running so I can just make my own login page anyway and put paperless behind it.

    Stuff with sensitive documents should probably not be on the internet anyway unless you’re a really advanced user.

    Encryption -

    In app encryption offers no security because the encryption key is stored in RAM and likely a database entry that must be unencrypted.

    So the Devs are 100% correct in stating that it gives people a false sense of security to offer it as a feature.

    Best bet is to have an encrypted filesystem or alternative encrypted storage buuuut, also understand that encryption key is also stored in RAM.

    TLDR: There is no point in Devs offering in app encryption when you should already be encrypting the filesystem.

    • pianoplant@lemmy.world (OP) · 4 up / 1 down · 1 year ago

      Thank you, very helpful! And also thanks for putting this info on lemmy :) I figured asking the question here was a good way to get some of that insight here.

  • fear025@lemm.ee · 7 up / 1 down · 1 year ago

    When you say “no built-in security”, are you talking about not having https? Paperless-ngx does have login security with users and passwords. I believe they recommend using nginx as a reverse-proxy server to implement https if you need it.
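    A reverse-proxy configuration of the kind that comment describes, added here as an example; it is not from the original thread or from the paperless-ngx project. It assumes paperless-ngx listens on 127.0.0.1:8000 and that a certificate and key already exist at the placeholder paths shown.

```nginx
# Added example: TLS-terminating reverse proxy in front of paperless-ngx.
# Assumptions: paperless-ngx listens on 127.0.0.1:8000, and a certificate
# and key already exist at the placeholder paths below.

# Plain HTTP only redirects to HTTPS; no document traffic is served here.
server {
    listen 80;
    listen [::]:80;
    server_name paperless.example.internal;   # placeholder hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name paperless.example.internal;   # placeholder hostname

    ssl_certificate     /etc/ssl/placeholder/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/ssl/placeholder/privkey.pem;    # placeholder path
    ssl_protocols TLSv1.2 TLSv1.3;

    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Only reachable from the LAN / VPN range, not the open internet.
    allow 192.168.1.0/24;   # placeholder LAN range
    deny  all;

    client_max_body_size 100M;   # scanned PDFs can be large

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_http_version 1.1;
        # Paperless uses a websocket for live status updates.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Forward the original host and scheme so redirects and CSRF checks
        # see https://, not the plain-HTTP backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

    Paperless-ngx itself also needs to know the external https address (its PAPERLESS_URL setting) so that its CSRF and origin checks accept requests arriving through the proxy.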

  • lal309@lemmy.world · 4 up · 1 year ago

    When I was looking for a DMS I ran across MayanEDMS. I never got a chance to stand up any DMS but it may be worth checking out their site in case it meets your needs.

    Not exactly DMS but I have a WikiJS instance running with MFA enabled and access control. For example, my wife and I can access a set of documents we deem sensitive but other users can’t. I use WikiJS for all my documentation needs.