Hacker News new | past | comments | ask | show | jobs | submit login

Wow, can 3rd-party services actually delete all your data if they wanted to? It's not just read-only access?



Dropbox has two types of authorization, entire dropbox level and app-folder level. IFTTT allows you to type in a full dropbox path instead of being restricted to /ifttt, so it requests the full access. It would be nice if they offered you the choice, and then if you picked the app-folder, the paths only allowed /ifttt.

It also looks like DropBox doesn't have access levels beyond that. If you have access, you can use any of the API, upload / download / delete / etc.


I have no idea!

The permissions page at Dropbox says:

The app ifttt would like to connect with your Dropbox.

    This app will have access to your entire Dropbox.
    Please make sure you trust this app before proceeding.
    You're currently logged in as user@example.org. If you meant to connect from another account, you can logout.
Doesn't define what "access" might entail. If the permissions allow create/upload I have to assume it includes delete as well.


Some of ifttt's Dropbox actions involve doing things like saving an image to your Dropbox, which would be hard with read-only access...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: