If you are current using Nextcloud / Owncloud or other PHP-Kits for File Handling you should know these remarks:
Based on this Article
You must know:
- Details of Security about your current used PHP Versions (7.X)
- Details of your used Database Version (MySQL..)
- Details of hardened OS and Webserver Version (Apache,Firewall,fail2ban,file policys, selinux, apparmor filter)
- See ALWAYS PHP-Kits of opensource with the trust of NON HARDENED SOFTWARE (prefer NON-PUBLIC ACCESS)
- You can ACCESS this Software thru SSH TUNNELS with a local running non-caching PROXY (privoxy)
- Use the SSH Tunnels on unknown Ports and Login via Key Files which must be unlocked by LONG PASSWORDS
- Public ACCESS is ALWAYS a RISK if YOU didn’t have the KNOWLEDGE of the SOURCE CODE!