Old 03-13-2019, 06:06 PM   #5
chaley
Grumpy old git
Quote:
Originally Posted by stumped
So anyone who was already using Gmail, like me, is unaffected?
Apparently.
Quote:
And the workaround works because Google acts as an intermediary, but is only willing to do that for Gmail, not for other email services?
Google acts as the authorising agent, certifying that the username (email address) and password are valid. Dropbox accepts that certification then looks into its account list (list of email addresses) for the certified email. If Dropbox finds it then it lets you in.

This works with CC because it uses a different "flow" than Dropbox's own email/password authentication. There is of course no guarantee that it will continue to work.
Quote:
I have never liked or understood or fully trusted the sign into X with Y (where Y = Google or Facebook or whoever) process. I do it out of laziness for unimportant stuff to avoid having to create new credentials, but I like to think that Google can't read my Dropbox and Dropbox can't read my Gmail... Maybe I am hopelessly naive!
Dropbox asks Google for permission to read your contacts. I think this is required so Dropbox can get your email address, but I don't know that.

Authentication for service Y using service X doesn't automatically grant any privileges to Y for X. All it does is provide a cryptographic key that "proves" that X actually authenticated the user. The service is called OAUTH (Open AUTHentication). CC actually uses it when authenticating because the keys have a longer lifetime than a session.
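The flow described in the post above, as an added example that is not part of the original post and not code from any of the services named: a provider certifies a login, the relying service verifies that certification and looks the email up in its own account list, and the token carries only the scopes that were granted. The names `idp.example` and `files.example`, the account list and the key are constructed, and an HMAC with a shared demo key stands in for the public-key signature a real provider would use.

```python
import base64, hashlib, hmac, json, time

IDP_KEY = b"constructed-demo-key"                # constructed; stands in for the provider's signing key
ACCOUNTS = {"reader@example.com": "account-17"}  # constructed account list held by the relying service

def _sign(body: bytes) -> str:
    return base64.urlsafe_b64encode(hmac.new(IDP_KEY, body, hashlib.sha256).digest()).decode()

def idp_issue(email, audience, scopes, ttl=300, now=None):
    """Provider side: after checking the password itself, certify who logged in."""
    now = time.time() if now is None else now
    claims = {"iss": "idp.example", "aud": audience, "email": email,
              "scope": sorted(scopes), "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def verify(token, audience, now=None):
    """Return the claims if signature, audience and expiry all check out, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None
    # A token minted for another service, or an expired one, is refused.
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None
    return claims

def relying_party_login(token, now=None):
    """Relying service: accept the certification, then look the email up in its own list."""
    claims = verify(token, "files.example", now)
    return ACCOUNTS.get(claims["email"]) if claims else None

def idp_allows(token, audience, needed_scope, now=None):
    """Simplified provider-side API check: only scopes the user granted are honoured."""
    claims = verify(token, audience, now)
    return bool(claims) and needed_scope in claims["scope"]
```

The relying service never sees the password, and a token granted only the `email` scope does not pass a check for any other scope.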