by LeoHexspoor 4706 days ago
I really like the idea but I also have some concerns about people uploading random files to your Dropbox. The idea with the password/access token is a good first step but I was surprised to see the password in plaintext in the URL after you log in...

Besides that, it looks like someone claimed your signin page as a username.


Do you mean the access_token and udid? This is how OAuth works. It would be nice though if he did an extra redirect after successful connect.

No, I mean if you secure your dbinbox via the settings with a password. If you then log in to that dbinbox you get the following URL:

http://dbinbox.com/xxx?password=myplaintextpassword

Ahh yeah. The idea behind that was that you could just enter the URL with the password and skip a screen.

If you'd like to implement a better password authentication system, I'd be happy to accept your pull request.
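
Added example, not part of the thread and not dbinbox's own code: a sketch of a form-based login combined with the extra redirect suggested above, so the password does not stay in the address bar after sign-in. The handler shape (`login`, `sessions`), the cookie name `sid` and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SENSITIVE = {"password", "access_token"}   # query keys that must not stay in a URL
PBKDF2_ROUNDS = 100_000                    # assumed work factor for this sketch

def hash_password(password, salt):
    """Derive the stored verifier; the server keeps this, never the plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def strip_secrets(url):
    """Return (url without sensitive query parameters, dict of removed values)."""
    parts = urlsplit(url)
    kept, removed = [], {}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            removed[key.lower()] = value
        else:
            kept.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(kept))), removed

def login(url, form, stored_hash, salt, sessions):
    """Hypothetical handler: returns (status, headers) for a login request."""
    clean_url, from_query = strip_secrets(url)
    # Preferred path is the POST body. A password that arrived in the query
    # string has already reached logs and browser history, so it is tolerated
    # only for old "skip a screen" links and is never echoed back.
    password = form.get("password") or from_query.get("password")
    if not password:
        return 401, {}
    if not hmac.compare_digest(hash_password(password, salt), stored_hash):
        return 403, {}
    session_id = secrets.token_urlsafe(32)
    sessions[session_id] = urlsplit(clean_url).path
    cookie = f"sid={session_id}; HttpOnly; SameSite=Lax; Path=/"  # add Secure on HTTPS
    # 303 makes the browser follow up with a GET to the URL without the secret.
    return 303, {"Location": clean_url, "Set-Cookie": cookie}
```
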