greenaddress
Request: NLockTimes sent through link to dropbox rather then sending an email every time.
We reviewed this option.
The issue is that there is no dropbox API that allows us to write but not to delete these files so it would not be safe for us to have access to them.
There's also no way we can have write access without having read access.
As long as dropbox doesn't support write without delete we feel this is not as secure as email, i.e. with email we can't touch it once it is sent to you.
Thoughts?
Blockchain uses the api to upload wallet backups... Can you not do something similar? I could be wrong but aren't they only given permissions to one folder?
I'm not sure ability to delete is a problem since dropbox provides the ability to restore files to previous state.
@r3ap3r that as may be, the problem is not that we have access to the folder but that we can delete all files from it so if your intention is to use dropbox as opposed to email so to not see it then you'd risk that at any time we can delete all files so you now need a solution that copies the files away from your dropbox.
tldr: say someone malicious attacks our servers then they may delete the dropbox nlocktime zips.
It was my understanding that when deleting files with the API it can be a permanent delete and therefore not allow you to restore.
Do you have information on their api? from https://www.dropbox.com/developers/reference/devguide
https://www.dropbox.com/developers/core/docs#fileops-delete
As far as i can see you can't restore these but please prove me wrong because I'd love to add support for it!
Hmm if the API somehow permanently deletes then I guess that wouldn't work. I've never used their api, I just know I've had no problem using their restore functionality in the past and assumed it would continue to work in this case. Where does it specify that the delete is permanent? I don't see it in the links you provided.
I wasn't actually aware of their undelete functionality.
It is not clear on their site if it applies to all access or if via API it is different. In the api i didn't see a restore but is there and i don't see a permanent delete which i do see on the web app.
One thing though for sure is that by default in the normal dropbox account deleted files can only be undeleted for 30 days.
Doesn't sound too safe, imho, but then again it IS an optional feature and as long as we are clear about the implications it should be OK.
Thoughts?
I would think 30 days would be plenty of time to realize that not only was greenaddress hacked to issue this delete command to everyone's dropbox but also disappearing permanently at the same time:)
But yes, a clear warning would be a good idea.
I would also love to hear if anyone else has any thoughts on the security implications of this because I certainly don't know everything.