OneDrive


Feedback by UserVoice

I suggest you ...

Share links dangerously default to view and edit

File sharing currently defaults to creating a link with both view AND edit permissions. This link is retained, without any indication to the user, even when the user deselects the allow edit permissions box.

This is a VERY dangerous security flaw because some search engines are capable of discovering these links by brute force. I had one of my excel files completely *nuked* by an anonymous rando that had found the view+edit link that I never knew had been created (even though I only ever explicitly shared a view-only link for the file). They nuked the file by reverting it back to the very first version of it that I had uploaded, and there was no way for me to be able to un-revert it. It was only my habit of keeping offline copies of *everything* that I was able to replace the file.

This needs to be fixed ASAP. Onedrive.com should NEVER default to view+edit like this if it is going to invisibly retain the links without the user being immediately aware of it. This is a MAJOR security flaw.

52 votes
Vote
Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
You have left! (?) (thinking…)
Calyo Delphi shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

4 comments

Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
Submitting...

OneDrive Archive: Bugs

Feedback and Knowledge Base