ONLYOFFICE Docs Security Guide

ONLYOFFICE provides a comprehensive range of security tools to keep your data safe and to ensure secure collaboration online. This guide describes all the features that allow you to increase the security level of ONLYOFFICE Docs.

Apart from that, you can explore some common security technologies, principles, and certain services to ensure maximum security of your server.

ONLYOFFICE Docs is distributed in complete accordance with GDPR and HIPAA compliance requirements.

1. General Docs security: self-hosting, HTTPS, IP filtering

ONLYOFFICE Docs features are recognized as industry standards in the field of security. The solution processes document editing and conversion, but it does not store any document or user data. Our open source code is available on GitHub.

Self-hosting

ONLYOFFICE was designed for businesses that handle sensitive communications and records which, if compromised, may to varying extents endanger customers and internal operations. ONLYOFFICE Docs keeps your services and all associated data completely within your physical perimeter. Hardware protection is fully in your hands, allowing you to maintain stability and connectivity yourself as your business standards demand.

ONLYOFFICE provides complete technical support for on-premise deployment and releases regular software updates.

Secure HTTPS protocol

ONLYOFFICE allows you to encrypt your traffic using the HTTPS protocol. You can easily create a CA-signed certificate on letsencrypt.org and switch your ONLYOFFICE Docs to HTTPS with a single command, or apply your own certificates.

Read the corresponding instructions for Community Edition on Linux, Community Edition on Windows, Enterprise Edition on Windows, and Developer Edition on Windows.

IP filtering

IP filtering lets you fully control what IP traffic will be allowed into and out of ONLYOFFICE Docs. Learn more.

2. Permission management: user roles

You can assign different permission levels that define what actions with files are available for the user. For example, viewers can only view documents, and reviewers can suggest changes to documents without actually editing them. You can also prohibit copying, downloading or printing of the document to prevent its further distribution, as well as limit access to changing sharing settings, leaving you in charge of sharing. Learn more.

3. Digital signature

Applying digital signatures to documents helps confirm their integrity and authenticity. In ONLYOFFICE, you can use any certificates to add signatures to documents, request signatures from one or multiple parties, customize signature layout and appearance. Learn more.

4. Plugin management

ONLYOFFICE Docs comes with no pre-installed plugins, leaving you in full control of what plugins you would like to use, if any. Learn more.

5. Secure work with documents: document versions, password protection, protected ranges

When co-editing documents, you can apply a number of security features to restrict access or editing abilities for other users and to prevent unwanted changes to data.

Document versions

View version history to know exactly which changes have been made. Restore one of the previous versions of the document if necessary. Learn more.

Document password protection

Protect documents with passwords to make sure that no one can access your files without receiving a password from you. The documents are protected with the AES-256 encryption algorithm and can be opened in any editor that supports password protection. Learn more.

Protect workbooks, sheets, ranges

When working with spreadsheets, you can protect the entire workbook, certain sheets or cell ranges, as well as hide formulas or objects. Learn more.

6. JWT protection

To protect documents from unauthorized access, ONLYOFFICE Docs uses JSON Web Tokens (JWT). The token is added to the configuration when the Document Editor is initialized and during the exchange of commands between internal ONLYOFFICE Docs services. The secret key is used to sign the JSON Web Token and to validate the token when a request is made to ONLYOFFICE Docs. Learn more.

7. Basic security principles

You can also consider using some general principles of server security as well as third-party services and tools not related to the ONLYOFFICE products. Below, you can see some common examples and tips which can be helpful.

Closing all unnecessary ports

You should keep open only the ports the portal needs to function, as extra open ports can be a cause of data leaks. Use the netstat utility to view all open ports and their associated software.

Following the least privilege principle

Assign only the permissions that are minimally necessary to perform specific tasks, preventing users from accessing sensitive areas they do not need.
