<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Chooser and security in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Chooser-and-security/m-p/245656#M13943</link>
    <description>&lt;P&gt;I'm a beginner but am now using the Chooser API successfully from a Web app. But I'm concerned about the security of the link obtained. Your description of the returned link is too short and doesn't say anything about security. It says 2 types of links are returned, first is shared and the second is a download, valid for 4 hours. Does it mean, these links then become open to all who get their address? As a user of the web app I would assume that when I opens a file to process in my web app, it's available only to the Web App and to no one else except to myself via regular dropbox access from other sources. Please clarify the security risk of the file chosen so that I can make a decision whether it's safe to use for the users of my web app.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks.&lt;/P&gt;</description>
    <pubDate>Wed, 29 May 2019 09:18:32 GMT</pubDate>
    <dc:creator>sanjayssk</dc:creator>
    <dc:date>2019-05-29T09:18:32Z</dc:date>
    <item>
      <title>Chooser and security</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Chooser-and-security/m-p/245656#M13943</link>
      <description>&lt;P&gt;I'm a beginner but am now using the Chooser API successfully from a Web app. But I'm concerned about the security of the link obtained. Your description of the returned link is too short and doesn't say anything about security. It says 2 types of links are returned, first is shared and the second is a download, valid for 4 hours. Does it mean, these links then become open to all who get their address? As a user of the web app I would assume that when I opens a file to process in my web app, it's available only to the Web App and to no one else except to myself via regular dropbox access from other sources. Please clarify the security risk of the file chosen so that I can make a decision whether it's safe to use for the users of my web app.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks.&lt;/P&gt;</description>
      <pubDate>Wed, 29 May 2019 09:18:32 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Chooser-and-security/m-p/245656#M13943</guid>
      <dc:creator>sanjayssk</dc:creator>
      <dc:date>2019-05-29T09:18:32Z</dc:date>
    </item>
    <item>
      <title>Re: Chooser and security</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Chooser-and-security/m-p/245676#M13947</link>
      <description>Yes, the shared links returned by the Chooser are the same kind of shared link as used by the general shared link feature in Dropbox:&lt;BR /&gt;&lt;BR /&gt;&lt;A href="https://www.dropbox.com/help/files-folders/view-only-access" target="_blank"&gt;https://www.dropbox.com/help/files-folders/view-only-access&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;That allows anyone with the link to access the shared content. Users can always revoke these shared links from the web site:&lt;BR /&gt;&lt;BR /&gt;&lt;A href="https://www.dropbox.com/share/links" target="_blank"&gt;https://www.dropbox.com/share/links&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;Hope this helps!</description>
      <pubDate>Fri, 06 Oct 2017 18:57:47 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Chooser-and-security/m-p/245676#M13947</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2017-10-06T18:57:47Z</dc:date>
    </item>
    <item>
      <title>Re: Chooser and security</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Chooser-and-security/m-p/245735#M13956</link>
      <description>&lt;P&gt;Hi Greg,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks for replying promptly.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;A few related questions:&lt;/P&gt;
&lt;P&gt;1) I thought specifying the Chooser/Saver domain for the App Settings will only make the file available to that domain. Is that true at least for the second type of "download" URL that expires in 4 hours? Or is that also available from anywhere for download?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;2) BUG: Also when I click on the Links (&lt;SPAN&gt;&lt;A href="http://www.dropbox.com/share/links" target="_blank"&gt;www.dropbox.com/share/links&lt;/A&gt;&lt;/SPAN&gt;) to see what links are now exposed, it's just stuck on wait cursor for a long time, over 15 minutes now. Seems like a bug.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I think when Web Apps use this feature, they are exposing a security risk for the end user where the user is unaware that private files may be exposed via links. At least the chooser dialog should give a prominent warning.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Sat, 07 Oct 2017 02:12:25 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Chooser-and-security/m-p/245735#M13956</guid>
      <dc:creator>sanjayssk</dc:creator>
      <dc:date>2017-10-07T02:12:25Z</dc:date>
    </item>
    <item>
      <title>Re: Chooser and security</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Chooser-and-security/m-p/245978#M13980</link>
      <description>1) No, the Chooser/Saver domains specify which domains can use your app key for the Chooser/Saver. That does not affect the resulting links.&lt;BR /&gt;&lt;BR /&gt;2) That sounds like an issue with the web site. Please open a ticket here for help with that:&lt;BR /&gt;&lt;BR /&gt;&lt;A href="https://www.dropbox.com/support" target="_blank"&gt;https://www.dropbox.com/support&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;And thanks for the feedback!</description>
      <pubDate>Mon, 09 Oct 2017 14:58:18 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Chooser-and-security/m-p/245978#M13980</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2017-10-09T14:58:18Z</dc:date>
    </item>
  </channel>
</rss>

