Shared link keeps on working even after it is expired

フォローする

新規投稿

Nikhil Mittal

• 2021年09月07日 16:53

After generating a shared link with view-only access for a doc/video if the user opens the link in the browser to view it, the whole content is still available even after shared link has expired. More surprisingly while viewing there is absolutely no checks made to the Box.com APIs by the browser. Therefore the shared link content is available even if there is no network connection. Of course if user refreshes the browser then it fails.

This is surprising as whole content (doc or video file) is downloaded by the browser.  Isn't it possible that a hacker can find this content ?

I tested with a a 10MB  size file so not sure what is the behavior when file is very large.

 

0

• 

  France

  • 2021年09月07日 19:21

  Hi Nikhil, 

  Welcome to the Box Community!

   

  This would be something our Box Support team would like to investigate with you and may require specific account information. 

   

  I've gone ahead and created a ticket for you so that an agent can work directly with you on looking into this. Please check your email for details and updates.

   

  Thanks for your patience!

   

  Best,

  0

  コメントアクション パーマリンク

サインインしてコメントを残してください。