Forum Discussion

sanjayssk's avatar
sanjayssk
Helpful | Level 6
8 years ago
Solved

Chooser and security

I'm a beginner but am now using the Chooser API successfully from a Web app. But I'm concerned about the security of the link obtained. Your description of the returned link is too short and doesn't say anything about security. It says 2 types of links are returned, first is shared and the second is a download, valid for 4 hours. Does it mean, these links then become open to all who get their address? As a user of the web app I would assume that when I opens a file to process in my web app, it's available only to the Web App and to no one else except to myself via regular dropbox access from other sources. Please clarify the security risk of the file chosen so that I can make a decision whether it's safe to use for the users of my web app.

 

Thanks.

    • sanjayssk's avatar
      sanjayssk
      Helpful | Level 6

      Hi Greg,

       

      Thanks for replying promptly. 

       

      A few related questions:

      1) I thought specifying the Chooser/Saver domain for the App Settings will only make the file available to that domain. Is that true at least for the second type of "download" URL that expires in 4 hours? Or is that also available from anywhere for download?

       

      2) BUG: Also when I click on the Links (www.dropbox.com/share/links) to see what links are now exposed, it's just stuck on wait cursor for a long time, over 15 minutes now. Seems like a bug.

       

      I think when Web Apps use this feature, they are exposing a security risk for the end user where the user is unaware that private files may be exposed via links. At least the chooser dialog should give a prominent warning.

       

       

       

      Thanks.

       

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff
        1) No, the Chooser/Saver domains specify which domains can use your app key for the Chooser/Saver. That does not affect the resulting links.

        2) That sounds like an issue with the web site. Please open a ticket here for help with that:

        https://www.dropbox.com/support

        And thanks for the feedback!

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,950 PostsLatest Activity: 2 hours ago
352 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!