Other Dropbox Security Flaw

Discussion in 'Tech Support' started by Pookie, 16 Jul 2013.

  1. Pookie

    Pookie Illegitimi non carborundum

    Joined:
    4 May 2010
    Posts:
    3,566
    Likes Received:
    176
    Well I just changed my Dropbox password and unbelievably all the client machines are still happily syncing away! I imagined as soon as I changed the password via the website it would break all the client machines until the password was updated.

    Also on the client machine if I click on the link to go to dropbox.com it auto logs in just fine with the old password! Has this always been the case? Has anyone else seen this?
     
    andrew8200m likes this.
  2. Atomic

    Atomic Gerwaff

    Joined:
    6 May 2002
    Posts:
    9,646
    Likes Received:
    94
    When you enter the username/password on a client it is just to link it to your Dropbox account. Once linked you can change the password as the client has already authenticated and will keep the authentication token until it's unlinked manually.

    To stop a client syncing you have to do it in the client settings or via the devices section of the account page on the Dropbox website.
     
    andrew8200m and Pookie like this.
  3. Pookie

    Pookie Illegitimi non carborundum

    Joined:
    4 May 2010
    Posts:
    3,566
    Likes Received:
    176
    Thanks Atomic

    I did just as you said and unlinked all machines via the website. Crazy that changing the password still allows syncing but that's just my opinion. Thanks for the help again buddy :thumb: + Rep
     
  4. sparkyboy22

    sparkyboy22 Web Tinkerer

    Joined:
    3 May 2010
    Posts:
    738
    Likes Received:
    35
    This is a feature that is used by most sites/applications with shared logins.
    I know it's a different platform but Facebook is another that uses the same / very similar system.
    When you use the sign in with Facebook option on a site or app, changing your Facebook password will not prevent the others from accessing your account. This means that you don't have to go round and change the password on all the sites that you use the Facebook login for.

    It's the same with Dropbox, so you don't have to reconfigure every client when you change your password, and the ability to remotely close the link to any client on your account and delete all content means that you can easily manage those that you no longer use.
     
    andrew8200m likes this.
  5. faugusztin

    faugusztin I *am* the guy with two left hands

    Joined:
    11 Aug 2008
    Posts:
    6,953
    Likes Received:
    270
    Authorizing via username and password gives the client access to your Dropbox account, where it can request an access token via API. After that it never uses your username and password again; it authorizes via access token.

    It is called OAuth and it is used widely all over the net. Apps accessing Google Accounts? They use it (did you notice the window where it asks you if you grant access rights to the app?). Facebook? They use it. Twitter? They actually came up with the idea.

    http://en.wikipedia.org/wiki/OAuth
    https://www.dropbox.com/developers/blog/45/using-oauth-20-with-the-core-api
     
    andrew8200m likes this.
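
The behaviour described in the posts above, as an added example that is not part of the original thread and not Dropbox's code: a toy account service in which the password is checked only when a device is linked, so changing it leaves existing device tokens valid until the device is unlinked. The class, its method names and the `revoke_on_password_change` option are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class AccountService:
    """Toy model of password login plus per-device tokens (constructed example)."""

    def __init__(self, password, revoke_on_password_change=False):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(password)
        self._tokens = {}  # token digest -> device name
        self.revoke_on_password_change = revoke_on_password_change

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    @staticmethod
    def _digest(token):
        # Store only a digest so a leaked token table cannot be replayed.
        return hashlib.sha256(token.encode()).hexdigest()

    def link_device(self, password, device):
        """The password is checked once, at link time; the device keeps only the token."""
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            raise PermissionError("bad password")
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = device
        return token

    def sync(self, token):
        """Token-only check: the current password is never consulted here."""
        return self._digest(token) in self._tokens

    def unlink_device(self, device):
        """Revoke every token issued to the named device."""
        self._tokens = {d: n for d, n in self._tokens.items() if n != device}

    def change_password(self, old, new):
        if not hmac.compare_digest(self._hash(old), self._pw_hash):
            raise PermissionError("bad password")
        self._pw_hash = self._hash(new)
        if self.revoke_on_password_change:
            self._tokens.clear()  # stricter policy: every device must relink

    def linked_devices(self):
        return sorted(set(self._tokens.values()))
```

With the default policy a password change alone does not cut off a lost or stolen device; the device has to be unlinked as well.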
  6. mike_dowler

    mike_dowler What's a Dremel?

    Joined:
    17 Mar 2006
    Posts:
    99
    Likes Received:
    4
    Don't forget that removing Dropbox access doesn't remove the files from that device. I had a laptop stolen 3 days after it arrived - just enough time to install Dropbox and sync up. They hadn't tried to sync, so I'm hopeful that the thief simply wiped the drive. No way to stop someone accessing those files though.

    On the replacement, I installed Prey and Truecrypt straight off.
     
  7. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    3,556
    Likes Received:
    646
    I tried Boxcryptor a while back. Seemed to work fine, albeit without filename encryption and device limitations on the free version. Gives you that warm feeling that even Dropbox themselves can't access your files :)
     
  8. Big_malc

    Big_malc Minimodder

    Joined:
    7 Sep 2010
    Posts:
    1,627
    Likes Received:
    83
    thanks wolfticket :clap:
     