In that case, there is currently no way to do that with SOGo.
Side note: Even if the links are not easily guessable by a human, you shouldn't 
assume this is safe and that only the people with the link will be able to access 
it. Don't provide any sensitive data in your public calendar as they are, 
indeed, public.

Quentin

 

From: users-requ...@sogo.nu <users-requ...@sogo.nu> On Behalf Of Michael Krecek
Sent: Wednesday, 21 August 2024 19:15
To: users@sogo.nu
Subject: Re: [SOGo] Public dav link is not secure

 

We need to establish a way to securely share, e.g., busy/free times without 
having to provide a login. Typically other calendaring servers do this by 
offering a tokenized URL which can then be shared.

 

I would never want any user to publicly share his busy/free times while anyone 
can guess the DAV URL…





On 21.08.2024 at 15:55, qhivert <users@sogo.nu> wrote:



Hello,

 

This option will not change the DAV links, only the URL of the website.

 

To see its effects, you should first empty Memcached and remove the current 
session with the command:

sogo-tool expire-sessions 0

 

But the dav link will still have the username.

Concerning the public link, by default nothing will be shared. Indeed, if you 
click on the three dots next to your calendar -> sharing -> public access, all will 
be at None. Only the user can decide and set what to share publicly. If you 
don't want to have public access for all your users, you can also disable it 
in your sogo.conf -> SOGoEnablePublicAccess = NO;




Quentin




 

From: users-requ...@sogo.nu <users-requ...@sogo.nu> On Behalf Of Michael Krecek
Sent: Wednesday, 21 August 2024 15:40
To: users@sogo.nu
Subject: Re: [SOGo] Public dav link is not secure

 

Hi Christian,

 

this is also critical for me but I could not get it running setting both 

  SOGoURLEncryptionEnabled = YES;

  SOGoURLEncryptionPassphrase = "mypassphrase";

 

 

The SOGo UI still shows the username-including URL in the calendar > show links view.

Any idea?

 

Thanks

Michael
 






On 21.08.2024 at 13:58, Christian Mack (christian.m...@uni-konstanz.de) 
<users@sogo.nu> wrote:

 

Hello

Please check option SOGoURLEncryptionEnabled.


Kind regards,
Christian Mack

On 16.08.24 at 14:11, Denys Shcherbyna (denys.shcherb...@zone3000.net) wrote:




Hello.
The current public dav link has the format: 
https://hostname/SOGo/dav/public/user@domain/Calendar/personal/.
It is not secure because it can be guessed, leading to unauthorized access by 
unauthorized users.
Please consider adding a feature that makes a more secure and unique link for 
each user.
Thank you.


-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung, Lehre, Infrastruktur
78457 Konstanz
+49 7531 88-4416
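
The tokenized-URL approach mentioned in the thread, as an added sketch that is not part of the original messages and not a SOGo feature: each share link carries 128 random bits instead of the owner's address, maps to one calendar and one scope, and can be revoked on its own. The `BASE` endpoint, the `ShareLinks` class and the in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets

# Hypothetical share endpoint for illustration; SOGo has no such URL.
BASE = "https://hostname/share"


class ShareLinks:
    """Issues unguessable links, each bound to one calendar and one scope."""

    def __init__(self):
        # sha256(token) -> (owner, calendar, scope); raw tokens are never stored,
        # so a leaked table does not yield working links.
        self._grants = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    @staticmethod
    def _token_of(url):
        prefix = BASE + "/"
        return url[len(prefix):].rstrip("/") if url.startswith(prefix) else None

    def issue(self, owner, calendar, scope="freebusy"):
        token = secrets.token_urlsafe(16)  # 128 random bits from the OS CSPRNG
        self._grants[self._digest(token)] = (owner, calendar, scope)
        return f"{BASE}/{token}/"

    def resolve(self, url):
        """Return the grant behind a link, or None for unknown or revoked links."""
        token = self._token_of(url)
        return self._grants.get(self._digest(token)) if token else None

    def revoke(self, url):
        """Invalidate one link without touching the owner's other links."""
        token = self._token_of(url)
        return bool(token) and self._grants.pop(self._digest(token), None) is not None


if __name__ == "__main__":
    links = ShareLinks()
    url = links.issue("user@domain", "personal")  # constructed sample user
    print(url, links.resolve(url))
    print(links.resolve(f"{BASE}/user@domain/"))  # guessed from the address: None
    links.revoke(url)
    print(links.resolve(url))  # None after revocation
```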

 
