You may have seen recent press about security vulnerability in some file sharing and storage platforms, including Box and Dropbox, so we thought we'd discuss the issue and let you know that Workshare is not exposed to this risk.
The issue is around how hyperlinks are exposed inside shared documents. The vulnerability means private files may ultimately be read by third parties or indexed by search engines - and can also provide a vector for web-borne malware. Workshare is happy to confirm that the way we deal with hyperlinks in shared documents means we do not expose Workshare customers or guest users to this risk.
Dropbox and Box Drop the Link Ball
With online file sharing services, Dropbox and Box, the problem is with documents containing embedded hyperlinks. When a user clicks these on a browser, something called a 'referral header' which contains a link to the address of the page that the user started from, is added. This is usually used to track incoming traffic on the destination website. This is a default setting on most browsers, and additional code needs to be implemented by these platforms to prevent this.
No Issue with Workshare
With Workshare, when viewing a document online, from the desktop or mobile app, hyperlinks that are embedded in the document (or even in comments added to that document) are stripped from referral headers fr the users protection. For further protection, on both web and desktop - where there is further risk from malware being installed - hyperlinks in both the document and comments are entirely disabled and displayed as text. In addition to this security measure, Workshare also allows users to specify the default security setting associated with folder or file links.
We thought it was important to explain this and reassure you that there is no risk from embedded links in shared files for Workshare users.