Share links dangerously default to view and edit
Copied wholesale from another link as it appears to be archived:
File sharing currently defaults to creating a link with both view AND edit permissions. This link is retained, without any indication to the user, even when the user deselects the allow edit permissions box.
This is a VERY dangerous security flaw because some search engines are capable of discovering these links by brute force. I had one of my Excel files completely nuked by an anonymous rando that had found the view+edit link that I never knew had been created (even though I only ever explicitly shared a view-only link for the file). They nuked the file by reverting it back to the very first version of it that I had uploaded, and there was no way for me to be able to un-revert it. It was only because of my habit of keeping offline copies of everything that I was able to replace the file.
This needs to be fixed ASAP. OneDrive.com should NEVER default to view+edit like this if it is going to invisibly retain the links without the user being immediately aware of it. This is a MAJOR security flaw.
I totally agree with this. The default should be view only. Or give us two links. Now I have to make 5 clicks to change it. Ridiculous!
Been searching for an answer to this (in particular, when sending a link from iPhone app). Sad to see it's been ongoing since at least 2016...
Why would you want to Edit by default?
"According to Microsoft, the CVE-2020-0935 vulnerability, is a privilege elevation risk that exploits how the OneDrive for Windows desktop app handles symbolic links. If successfully exploited, an attacker could take control of the affected Windows system by overwriting a targeted file and gaining elevated status."
Pedro DD commented
I can't set the link to read-only access. This is ridiculous.
I think the idea is to FORCE you to use SharePoint.
I am not sure why I would want to by default publicly share a resource that can immediately be deleted. Maybe someone in OneDrive can explain the security thinking behind this so we can better understand why it is designed in such a way to expose such a massive vulnerability to our resources.