Securing OnlyOffice Document Server: Understanding the JWT Principle
Real-time collaboration in Word or Excel files directly in the browser—whenever you host platforms like Nextcloud or Seafile, you will eventually stumble across the OnlyOffice Document Server. However, simply booting an OnlyOffice Docker container and putting it public without specific precautions creates a highly dangerous vulnerability: anyone on the internet who discovers your OnlyOffice URL could configure their own cloud instance to use your server, hijacking your CPU and RAM resources. ...