Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optionally turning off link sharing #13

Closed
kingatomic opened this issue Sep 20, 2011 · 3 comments
Closed

Optionally turning off link sharing #13

kingatomic opened this issue Sep 20, 2011 · 3 comments
Labels
Feature request

Comments

@kingatomic
Copy link

Would it be possible to turn off anonymous link sharing (through the share button), perhaps as a global option? Or maybe as part of the folder permissions?

Here is my use case: my company occasionally needs to send information to 3rd-party vendors which may include sensitive data (such as SSNs). Boxroom + SSL would ideally suit our needs: our company's staff would each have logins and be part of one group, and our vendors would each have a separate group and folder (with permissions), and their designated staff would also be given logins. If we could turn off link sharing, we'd be able to force logins (and therefore apply permissions) for anyone seeking to download files.
@mischa78
Copy link
Owner

It would probably not be much work to implement this, but to be honest, I don't see what this solves for you. The share button is just there for convenience. If they have access to the file they can download it and share it via any other way. That's beyond your control, and there is nothing you can do to prevent it.

@kingatomic
Copy link
Author

The share button is just there for convenience. If they have access to the file they can download it and share it via any other way.

It's not a technical restraint so much as a matter of liability. As long as we (the providers of the service) do our due diligence to make sure the data is safe while in our control, we are not legally liable if one of our vendors goes and does something stupid after they've downloaded the file (such as email the file around without encryption).

On the other hand, if one of our staff sent a share link to a 3rd party, and that 3rd party's email account were compromised, it would be trivial for the unauthorized person to retrieve the file. In all likelihood, should people get worked up to starting suing, we'd be held liable because we didn't take adequate measures to ensure the end-recipient is actually authorized to retrieve the file.

I hope that helps sort out why this would be helpful to us (and presumably, any company working with sensitive data). Thanks!

@mischa78
Copy link
Owner

Sorry for the extremely late reply. I'm going to close this feature request. If you don't want to allow people to share files, just remove the link from views/folders/show.html.erb and delete the share_links_controller.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mischa78 @kingatomic