2219 - MM5 access to Dropbox ... why ask for access to everything?

[Barry4679]

MM5 asks for, and gets full access to all of the user's Dropbox files and folders.

Is this necessary? Is it it wise?

Alternatively Dropbox allows apps to request just "app folder" permissions, which would restrict your access to only a MediaMonkey folder, in the user's App folder.

Wouldn't this suit most people better? ... Are people really going to want to grant you more access than is necessary?

As it is, a MM user is warned against allowing MM5 access to their Dropbox library, due to MM's "small number of users" ... I don't think that this would happen if you only requested App level access.

From the Dropbox Reference Guide:

App permissions
When you start building an app on the DBX Platform, you'll need to create a Dropbox app in the App Console. As part of the process, you'll need to choose the right permission for your app. Your app's permission (sometimes referred to as access type in the documentation) determines what data your app can access in a user's Dropbox.

App folder
A dedicated folder named after your app is created within the Apps folder of a user's Dropbox. Your app gets read and write access to this folder only and users can provide content to your app by moving files into this folder.

Full Dropbox
You get full access to all the files and folders in a user's Dropbox.

Your app should use the least privileged permission it can

.

[rusty]

The issue here is that with an app-specific folder, MM would only be able to sync with a folder that MM created. So for example, if the user had a pre-existing music folder in DropBox, MM wouldn't be able to access it.

-Rusty

[Barry4679]

The issue here is that with an app-specific folder, MM would only be able to sync with a folder that MM created. So for example, if the user had a pre-existing music folder in DropBox, MM wouldn't be able to access it.

You have made this sound more restrictive than it is.
If MM sought only App Folder rights, as it should IMO, it is true that it would only be able to read|write files in the MM directory in their App folder.

But if the user already stores music in Dropbox, they could move their music folder into the MM folder ... this is just a quick pointer update, and does not involve a round-trip copy back up to Dropbox, as long as it is a cut and paste.

The folder, in its new location, is still accessible to other applications.

The Dropbox recommendation to Developers is "Your app should use the least privileged permission it can".

I would think that would be in MM's best interests too. ... ie. if something bad happens to non_MM data, in a MM customer's Dropbox library, MM can be excluded from suspicion.