-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dropbox - access to subfolder only #24
Comments
@vovodroid: I see that both options are possible via Dropbox-API (https://www.dropbox.com/developers/reference/developer-guide#app-permissions). I see some glitches:
|
Assuming some malware attacked computer and stole DropBox auth tokens it will get access to whole DropBox account.
I guess hardcoded name can be used to keep it simple.
I believe it can. |
I see your point but I'm unsure about that. Currently I'm not willing to change something short-term: I won't restrict the plugin in this point. Maybe we find a better solution. I leave this issue open to collect some more opinions on that. Here are my thoughts: For me, cloud storage providers should be considered unsecure by default and the user is responsive for additionally protecting his data. Btw: I can't change the app permission in Dropbox Developer Center at this time ... I need to create a new App Key (or revoke the current one). |
Sure. But it's not stored on computer. |
+1 for App folder permissions only |
Hi @vovodroid, @namtab00, @0Derece, I'd like to solve this by creating a "new" Provider "Dropbox-Secure" (URL-Schema "dropboxs") with folder permission only. This means I created a second App in Dropbox - one with full permission and one with app folder permission. You can now register a new account either "Dropbox" or "Dropbox-Secure" (or mix both if you like). What do you think? Does this solve this issue for you all? |
Try it youself with a preview (unstable) of KeeAnywhere 1.2.0: |
I think it's great, working like a charm! What about other providers, like Google Drive? Does it have the same issue? |
I haven't checked other providers so far. I just wanted to check out, Vovodroid notifications@github.com schrieb am Mo., 20. Juni 2016, 16:28:
|
Sure it is! |
Thank you @Kyrodan... It's perfect... |
Checked this for the other providers:
|
@vovodroid @namtab00 @0Derece, I renamed "Dropbox-Secure" to "Dropbox-Restricted". I think this is a more intuitive name. You all need to re-add your accounts in final 1.2.0. |
Currently plugin asks permission to the whole Dropbox account. From security reasons it would be much better to get permission to subfolder only, e.g. "KeeAnywhere".
The text was updated successfully, but these errors were encountered: