|
|
|
|
|
|
by tjosten
2537 days ago
|
|
|
Hi there, Dropshare developer here. I’d like to quickly clarify that the initial statements are untrue. The Webserver is used as communication bridge between the Share Extension and the app. It only accepts requests with a signature. It cannot delete, share or else manage any uploaded files, and has no code that could potentially cause any harm on your server (e.g. by executing things). It only accepts file urls from your local machine to be uploaded and again, only with a properly signed request. It is unfair to compare this to the Zoom case since there is no potential vulnerability and other than you explain, there is no danger involved with someone making damage to files on your server or whatsoever. Best,
Timo P.S.: Of course in case you think you did find indeed a vulnerability I am not aware of, please get in touch via support@getdropsha.re according to responsible disclosure. |
|
|