On Thursday, 16 March 2017 20:06:45 UTC, Arlen Beiler wrote:
>
>
> If anyone else would like to host their cloud connecting app on this site, 
> let me know and I will set up a repository for you. I'm also going to add 
> Jeremy as an admin to the organization. 
>
>
As somebody who deals with security issues every day, I'm going to say "No", 
and here's why.

The permissions you've set for your app request unrestricted access to the 
user's Dropbox account. Which means that your system can access any file, 
in any directory. Whilst many people think that this only allows the user 
to trigger the interactions, selecting the necessary files as they wish, it 
does not restrict your API calls from performing additional requests at the 
same time. You may be honourable in your intentions and it's a good system, 
but there is the potential for abuse.

Now if the system was to only request the App Folder permission then this 
would be a lot better. The DB API system would prevent unwarranted 
intrusion and permit access to be restricted to files just within that 
folder.
