About Dropbox App Permissions

  • Resolved ivo82

    (@ivo82)


    5 years, 3 months ago

    Hi,

    we use InpsydeBackWPup app to upload backups into Dropbox.

    What happens if somebody get hands on the API keys? Will they only to upload files & delete old backups (this is what the app does)?

    Or they will also be able to download old backups, and thus access the information in the database?

Viewing 1 replies (of 1 total)
  • happyAnt

    (@duongcuong96)

    5 years, 3 months ago

    Hello @ivo82
    Thank you for asking ^^ I would happy to answer your questions:

    What happens if somebody get hands on the API keys? Will they only to upload files & delete old backups (this is what the app does)?
    Or they will also be able to download old backups, and thus access the information in the database?

    They can only do that if they are able to modify/inject malicious code to your site because the API only works with your domain. So I would suggest protecting your site with WP security guideline: https://ww.wp.xz.cn/support/article/hardening-wordpress/

    You can also tighter BackWPUp permission by only allow App Access to Dropbox option instead of full access

    I hope my answer could help ^^

Viewing 1 replies (of 1 total)

The topic ‘About Dropbox App Permissions’ is closed to new replies.