The Omni Group Forums

The Omni Group Forums (http://forums.omnigroup.com/index.php)
-   OmniFocus Syncing (http://forums.omnigroup.com/forumdisplay.php?f=50)
-   -   OmniSync security? (http://forums.omnigroup.com/showthread.php?t=19550)

Leif 2010-12-29 12:16 PM

OmniSync security?
 
Is Omnisync a secure service? I really like to use it, but is the security high enough? (definition of enough still to be decided :) ) Is it encrypted/what kind of encryption?

Brian 2010-12-30 05:07 AM

Communication with the server defaults to secure (encrypted) HTTP just like your online banking sites use; the files are not encrypted on the server, though. (We wanted to preserve our ability to help folks with sync issues when/if they occur.)

The sync server has all the security/protection that our online store does, but we can't responsibly issue flat guarantees. Syncing with any server run by someone else is inherently less secure/private than doing so with a server you control yourself.

There's a tradeoff between security and convenience in cases like this that's up to each individual to make.

Leif 2010-12-30 01:18 PM

Thanks Brian, excellent answer. Security is a tough issue, if you aim for 100 % you will lose all functionality so there is a middle way you need to adopt to. With your software it's well worth finding that middle way that make it work for you.

jet14 2011-10-14 02:07 PM

[QUOTE=Brian;91050]Communication with the server defaults to secure (encrypted) HTTP just like your online banking sites use; the files are not encrypted on the server, though. (We wanted to preserve our ability to help folks with sync issues when/if they occur.)[/QUOTE]

Speaking of encryption, has there been any discussion within Omni of making use of the "iOS Data Protection APIs" for the on-device storage of OmniFocus data?

Speaking as someone who works in an Enterprise environment where the potential for loss of (control of) data is a major roadblock to implementing iOS devices, I can say that being able to point to OmniFocus using this security enhancement (combined with the use of a company-run WebDAV server for the sync) would go a LONG way toward soothing the paranoiacs in IT Security here! ;-)

aleding 2011-11-01 10:36 AM

I'm not really sure how desiring encryption for your data is being paranoid - if you're not asking this type of question when your data leaves a trusted environment, then you're doing a poor job of securing your data.

With that said, I would urge Omni to allow the encrytion of the data on the server. Let this be a user decision\option rather than remoiving the option altogether.

While Omni may do what they can to secure the data, they've stated up front that they can't guarantee security - what more do you need to hear to know you need encryption on the server?

jet14 2011-11-01 11:46 AM

I'm not talking about the server, since you can run your OWN server if you need to. I was specifically referring to the iOS device that was running OmniFocus.

The "iOS Data Protection APIs" are important for making sure that the full force of on-device encryption is applied to the data stored by a particular program. Aside from Mail, very little of what's on an iPhone/iPad/iPod touch is protected with that full level of encryption.

CatOne 2012-07-12 09:04 AM

[QUOTE=Joslyn;112532]Hi guys I am Joslyn. I am here to share my views about Omnisync. It is a vast and unique platform.It provides a lot of protection and security. Through security we can prevent us from cyber threats and any other disasters.[/QUOTE]

I'm sure you are. And I'm sure that soon you'll be advertising web sites in your follow up posts since this one went through. Looking forward to that!

whpalmer4 2012-07-12 10:35 AM

[QUOTE=CatOne;112550]I'm sure you are. And I'm sure that soon you'll be advertising web sites in your follow up posts since this one went through. Looking forward to that![/QUOTE]

Of course, they aren't going to be reading your follow up post, and by posting instead of clicking on the report button, you make it so that there's still some trace even after Brian nukes the spammer...

CatOne 2012-07-13 06:44 AM

[QUOTE=whpalmer4;112553]Of course, they aren't going to be reading your follow up post, and by posting instead of clicking on the report button, you make it so that there's still some trace even after Brian nukes the spammer...[/QUOTE]

I report 99 of 100 and you bust my chops for the one I have a little fun with ;-)

Oh, and when the spammers come with a drive by and hit a bunch of forums... not awesome that you have to wait like 60 seconds between each report. So I don't report them all...

whpalmer4 2012-07-13 07:10 AM

[QUOTE=CatOne;112585]I report 99 of 100 and you bust my chops for the one I have a little fun with ;-)

Oh, and when the spammers come with a drive by and hit a bunch of forums... not awesome that you have to wait like 60 seconds between each report. So I don't report them all...[/QUOTE]

Yeah, I know, my irritation at having to wait means I don't report a bunch of them, too. I'm undecided whether the recent move to up the number of posts needed before links are available is a good thing or not. Wouldn't it be sweet if after you reported a post, the forum software didn't show you any threads where the only new posts were from that poster? At least Euro 2012, UFC 148, and Wimbledon are over now so we can get back to WoW gold sales :-)


All times are GMT -8. The time now is 07:59 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.