In the twisted world of secret-seekers and back-door-openers on the internet, you can never be too careful. That’s why Dropbox has made clear this week that they’re addressing a rare – but important – situation that had the potential to give users access to files they should not have been able to reach.
The situation at hand involves a user sharing a Dropbox document that’d normally only be accessible to those with a link to said document. Inside that document is a hyperlink to a webpage.
Because of a standard element in all web browsers called the Referer header, the webmaster of any webpage is able to see the address of the page each visitor came from. If a visitor arrives by clicking a link inside a Dropbox document, that address is the document’s shared link, so the webmaster has then got access to said document, provided the creator set the document to be viewable only to those with the link.
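The leak described above, and the browser-side control that limits it, as an added example that is not Dropbox's code or its actual fix (the article does not say how the patch works). It computes the Referer value sent for a click from a share link to a third-party page under each standard Referrer-Policy value. The URLs and the names `refererFor` and `leaksShareLink` are assumptions made for illustration.

```javascript
// Added example: which Referer value a browser sends when a reader clicks a
// hyperlink inside a shared document, under each W3C Referrer-Policy value.
// URLs are constructed placeholders. "Downgrade" is simplified to https -> non-https.
const SHARE_URL = "https://files.example/s/CONSTRUCTED-TOKEN/plan.pdf#page=2";
const TARGET_URL = "https://thirdparty.example/landing";

// Browsers always drop credentials and the fragment before sending a referrer.
function fullUrl(url) {
  const u = new URL(url);
  u.username = ""; u.password = ""; u.hash = "";
  return u.href;
}
const originOnly = (url) => new URL(url).origin + "/";

function refererFor(policy, from, to) {
  const src = new URL(from), dst = new URL(to);
  const sameOrigin = src.origin === dst.origin;
  const downgrade = src.protocol === "https:" && dst.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return fullUrl(from);
    case "origin": return originOnly(from);
    case "same-origin": return sameOrigin ? fullUrl(from) : null;
    case "strict-origin": return downgrade ? null : originOnly(from);
    case "no-referrer-when-downgrade": return downgrade ? null : fullUrl(from);
    case "origin-when-cross-origin":
      return sameOrigin ? fullUrl(from) : originOnly(from);
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return fullUrl(from);
      return downgrade ? null : originOnly(from);
    default: throw new Error("unknown policy: " + policy);
  }
}

// True when the destination site receives the secret path of the share link.
function leaksShareLink(policy, from = SHARE_URL, to = TARGET_URL) {
  const ref = refererFor(policy, from, to);
  return ref !== null && new URL(ref).pathname === new URL(from).pathname;
}

for (const p of ["no-referrer-when-downgrade", "unsafe-url", "origin",
                 "strict-origin-when-cross-origin", "same-origin", "no-referrer"]) {
  console.log(p.padEnd(32), leaksShareLink(p) ? "LEAKS" : "safe ",
              refererFor(p, SHARE_URL, TARGET_URL));
}
```

Only the policies that send the full URL cross-origin (`unsafe-url` and `no-referrer-when-downgrade`) hand the share link to the linked site; the others send at most the origin.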
Dropbox has decided that this vulnerability is important enough to be patched. Therefore they’re disabling previously shared links to documents with hyperlinks in them until further notice.
You can, on the other hand, re-create any shared links that’ve been turned off, as the Dropbox crew have patched the vulnerability for future shared links.