Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[建议] 使用AppFolder以提高安全性 #7

Open
Teages opened this issue Oct 23, 2021 · 1 comment
Open

[建议] 使用AppFolder以提高安全性 #7

Teages opened this issue Oct 23, 2021 · 1 comment

Comments

@Teages
Copy link

Teages commented Oct 23, 2021

如果直接使用 Files.ReadWrite.All, 应用将可以访问全部的文件, 对用户和开发者都不安全.

但是如果使用Files.ReadWrite.AppFolder, 可以将应用的访问权限限制在应用程序文件夹内.

要进行修改也很简单, 只需将config.jsscope 改成 'openid https://graph.microsoft.com/Files.ReadWrite.AppFolder', 然后将api.js 中, url的 drive/root: 替换成 drive/special/approot: 即可.

经本地验证, 行为符合预期
@harrisoff
Copy link
Owner

芜湖,竟然有人提 issue,刚看到。。

@harrisoff harrisoff mentioned this issue May 8, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@harrisoff @Teages