cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Learn all about apps and Dropbox integrations to make working from home easy here!

Dropbox files & folders

Get in sync with the Dropbox Community. Our members can answer all your questions on Dropbox files and folders. Join a discussion or start your own today.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Owner of the folder should be able to forbid other members from creating links

Owner of the folder should be able to forbid other members from creating links

DreamboxIsASieve
Explorer | Level 3

The "Manage access" setting below is misleading and offers a false sense of security. It makes little difference that the Owner of the folder can prevent others from adding members to the shared folder, because the Owner has zero control over (or even knowledge of) whether the other members create an unsecured link to the shared folder.  

 

Screen Shot 2021-03-26 at 7.19.52 AM.png

 

If a user of the folder creates a shared link, the Owner is not notified. The link does not even appear in the Owner's account. 

 

This is an embarrassingly low level of security. Why?

 

6 Replies 6

Re: Owner of the folder should be able to forbid other members from creating links

Mark
Super User II

Just playing devils advocate for a moment, but, what is to stop a person simply copying and pasting the file to another Dropbox directory and creating a link to it from there?


 


:penguin::penguin: - :penguin: - :penguin: - :penguin:


Heart Did this post help you? If so please mark it for some Kudos below. 


:white_check_mark: Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.


:arrows_counterclockwise: Did this post not resolve your issue? If so please give us some more information so we can try and help - please remember we cannot see over your shoulder so be as descriptive as possible! 


 

Re: Owner of the folder should be able to forbid other members from creating links

DreamboxIsASieve
Explorer | Level 3

Nothing. But that would be an intentional act by the other member, and they would have to repeat that act every time the shared folder was updated.  

 

Dropbox's lax security for shared links creates a lot more unnecessary risk than your devil's advocate scenario.

 

Any user (including view-only users who purportedly do not have the authority to "add people to this folder") can open up a back door to the folder (and all subsequent updates to that folder) for the world to see. And the Owner would have no idea that this happened. Nor would the Owner be able to shut it down. 

 

This problem is further compounded by the fact that Dropbox's interface actively encourages users to create links with a single click. If we right click in Finder and accidentally select the wrong option, a shared link is created. Or if we are online and try to click the "More" menu, but accidentally click just a few pixels to the left, the folder is shared with the world.

 

Worse still, the default is to create a link that is not password-protected.   

 

Owners should have more control over this.  

 

Look at Sync.com--they do not have this problem. Owners have more control.

Re: Owner of the folder should be able to forbid other members from creating links

Rich
Super User II

@DreamboxIsASieve wrote:
Owner of the folder should be able to forbid other members from creating links

The feature you're referring to exists, and is available on Dropbox Business accounts.

 

Re: Owner of the folder should be able to forbid other members from creating links

DreamboxIsASieve
Explorer | Level 3

@Rich wrote:

@DreamboxIsASieve wrote:
Owner of the folder should be able to forbid other members from creating links

The feature you're referring to exists, and is available on Dropbox Business accounts.

 


Those security options in Dropbox Business accounts do not address what I'm talking about. Those features would allow me to restrict whether or not folders could be shared outside the Team, but that is not my concern.

 

I need to share view-only folders externally.  My concern is that I don't want the view-only members of a shared folder to be able to open up an unsecured shared link to that folder without my knowledge. 

 

Sync.com forbids this: Users with view-only access to folders cannot invite others nor create a shared link to the folder.

 

Dropbox, Dropbox Professional, and Dropbox Business allow anyone invited to the folder--even users with view-only access--to generate an unsecured link to that folder which opens it up for the world to see. That is lax security.

 

I stand by my original post: 

"The "Manage access" setting below is misleading and offers a false sense of security. It makes little difference that the Owner of the folder can prevent others from adding members to the shared folder, because the Owner has zero control over (or even knowledge of) whether the other members create an unsecured link to the shared folder."

 

Dropbox should give Owners more control over the creation of shared links to their folders. 

Re: Owner of the folder should be able to forbid other members from creating links

Daphne
Dropboxer
Hey @DreamboxIsASieve!

If you don't want people to access a folder through a shared link, when they've not been invited to the shared folder, can you try applying the following setting:
  1. Select the shared folder and click "Share".
  2. Click the gear icon in the top right of the window.
  3. Choose the tab "Link for viewing".
  4. For the setting "Who has access", change this to "Only people invited".
If someone creates or copies a shared link created for this folder, they will only be able to access the folder if they've had the folder shared with them via their email address too.

I can suggest applying this setting, and then creating/copying a shared link for the folder to open in an incognito window to check this out. (It should give you a "no access" error).

Let me know if that would do the trick!

Daphne
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, please give it a Like below.
:arrows_counterclockwise: Still stuck? Ask me a question!
:pushpin: Tips & Tricks Find new ways to stay in flow or share your tips on how you work smarter with Dropbox.

Re: Owner of the folder should be able to forbid other members from creating links

DreamboxIsASieve
Explorer | Level 3

@Daphne wrote:
If you don't want people to access a folder through a shared link, when they've not been invited to the shared folder, can you try applying the following setting:
  1. Select the shared folder and click "Share".
  2. Click the gear icon in the top right of the window.
  3. Choose the tab "Link for viewing".
  4. For the setting "Who has access", change this to "Only people invited".
If someone creates or copies a shared link created for this folder, they will only be able to access the folder if they've had the folder shared with them via their email address too.


That setting would only apply to shared links that the Owner creates. 

 

The issue is that other members of the folder--including View Only members--can create unsecured shared links from their accounts. And Dropbox does not give the Owner any ability to restrict those members' rights to create shared links, nor any way of knowing when other members have created any shared links. 

 

I stand by my original post. Dropbox needs to change this.

Poll
How do you get refocussed while working from home? Do you find any of these options keep you from getting distracted?
Who's talking

Top contributors to this post

What do Dropbox user levels mean?
Need more support?