So if I use your service my files will also be in your Dropbox account (which is also shared with some other users)? So if somebody gets into your account, they can restore my files via Dropbox restore even after I de-authorized your application?
I also don't like that a relatively small mistake/bug can cause my files to be accessed by some other user.
The nice part is that we don't have to share our Dropbox folder with other users, so we don't. To utilize copy_ref we just need separate access to each of the accounts to do the API call. We have special Dropbox accounts that are only used by the servers. Like anything, we take serious effort to ensure that this information isn't compromised.
As Eric mentioned, we have an email to Dropbox to see if we can permanently delete through the API. Until then, we will have to rely on keeping the login information to these accounts safe, which is saved in the same high level of encryption as our user account information.
I am not sure that I follow how a small bug could cause your files to be accessed. All access to the user accounts is kept completely separate. We take all concerns with user data and security very seriously.
We just pounded out an email to Dropbox asking about enabling the permanent delete feature via the API. It exists in the web interface already so why not the API?
I guess I have to say that we spend a ton of effort minimizing risk and keeping security up, but you knew that :)
To our knowledge we are the first service to allow transfers to and from Dropbox without hitting the 150 MB limit. We currently support FTP, SFTP, and Dropbox connectors. Feedback is appreciated.
1. BAM! Fixed, thanks for the catch :)
2. We have to download the files anyway, there's no go-between or else we wouldn't have had to build one!
3. We throttle monster files down and are currently building out our distributed infrastructure.
I also don't like that a relatively small mistake/bug can cause my files to be accessed by some other user.
Good luck.