How we got around Dropbox API limitations (opens in new tab)

(blog.mybackupbox.com)

22 pointsew14y ago8 comments

8 comments

6 comments · 2 top-level

tlogan14y ago· 2 in thread

So if I use your service my files will be also in your Dropbox account (which is also shared with some other users)? So if somebody gets into your account it can restore my files via Dropbox restore even after I de-authorized your application?

I also don't like that a relatively small mistake/bug can cause that my files can be accessed by some other user.

Good luck.

mfossen14y ago

The nice part is that we don't have to share our dropbox folder with other users, so we don't. to utilize copy_ref we just need separate access to each of the accounts to do the API call. We have special dropbox accounts that are only used by the servers. Like anything, we take serious effort to ensure that this information isn't compromised.

As Eric mentioned, we have an email to Dropbox to see if we can permanently delete through the API. Until then, we will have to rely on keeping the login information to these accounts safe, which is saved in the same high level of encryption as our user account information.

I am not sure that I follow how a small bug could cause your files to be accessed. All access to the user accounts are kept completely separate. We take all concerns with user data and security very seriously.

ewOP14y ago

We just pounded out an email to Dropbox asking about enabling the permanent delete feature via the API. It exists in the web interface already so why not the API?

I guess I have to say that we spend a ton of effort minimizing risk and keeping security up, but you knew that :)

ewOP14y ago· 2 in thread

To our knowledge we are the first service to allow transfers to and from Dropbox without hitting the 150mb limit. We currently support, FTP, SFTP, and Dropbox and connectors. Feedback is appreciated.

j_s14y ago

1. Yet another product blog with a main icon linking back to the blog instead of the product.

2. Privacy implications of intermediate step to your dropbox account seem to be pretty staggering.

3. Possible to get DDOS'd by monster files?

ewOP14y ago

1. BAM! Fixed, thanks for the catch :) 2. We have to download the files anyway, there's no go-between or else we wouldn't have had to build one! 3. We throttle monster files down and are currently building out our distributed infrastructure.

1 more reply

j / k navigate · click thread line to collapse

8 comments

6 comments · 2 top-level

tlogan14y ago· 2 in thread

I also don't like that a relatively small mistake/bug can cause that my files can be accessed by some other user.

Good luck.

mfossen14y ago

ewOP14y ago

We just pounded out an email to Dropbox asking about enabling the permanent delete feature via the API. It exists in the web interface already so why not the API?

I guess I have to say that we spend a ton of effort minimizing risk and keeping security up, but you knew that :)

ewOP14y ago· 2 in thread

To our knowledge we are the first service to allow transfers to and from Dropbox without hitting the 150mb limit. We currently support, FTP, SFTP, and Dropbox and connectors. Feedback is appreciated.

j_s14y ago

1. Yet another product blog with a main icon linking back to the blog instead of the product.

2. Privacy implications of intermediate step to your dropbox account seem to be pretty staggering.

3. Possible to get DDOS'd by monster files?

ewOP14y ago

1 more reply

j / k navigate · click thread line to collapse