0

Preface:

I'm hoping to upgrade an existing application by adding cloud backup and syncing of the customers data. We want this to be as seamless as possible, but also for the customers only interface to the data to be via the applications front-end interface.

Our application can be connected to the oil pipe of a machine, collects data on the oil condition. When a test has completed we want to push this to the cloud. Because of the distinct test nature of the data (as opposed to one big trend) most IoT platforms don't suit very well, so we're aiming to release a slightly modified version of the application which doesn't have the connection to the sensors and this will be our remote front-end.

Since the existing application uses a relatively simple file structure to store it's data, if we simply replicate these files in the cloud, the remote front-end version can just download these to the same location and it'll work fine. Thus this has lead us to Dropbox (or any recommended more appropriate cloud storage system).

We hope to use the Dropbox API directly in our application to push and pull the files as necessary. All of this so far we believe is perfectly achievable.

Question: Is it possible - and if so how would we go about - to setup a user system with the below requirements

  • The users personal dropbox is not used
  • Dropbox is completely hidden from the user
  • The application vendor has a top level user who has access to all data (for analytic, we do not want to store confidential or sensitive data).
  • When the user logs in they only have access to their folder and any attackers could not disrupt the overall structure. (We understand that if an attacker got the master account then all is lost, but that is an internal issue to keep it secure. As long as the user accounts are isolated this is okay.)

Alternative Question Is anyone aware of a storage system or IoT system which would better suite this use case? We will still require backups/loss prevention as part of the service.

TheBeardedQuack
  • 449
  • 4
  • 15
  • If any additional information is needed I'm happy to add it onto the question. – TheBeardedQuack Mar 05 '18 at 14:49
  • It is technically possible to use the Dropbox API with just one Dropbox account, invisible to the end-user, but it's not recommended. There are some other similar posts, e.g., [this one](https://stackoverflow.com/questions/27834922/auto-login-dropbox-account-on-core-api-without-login-prompt). – Greg Mar 05 '18 at 17:39
  • I am aware of the security risks with a single access token, which for this application is a concern. This is why I would prefer to use a proper user credentials system but we ideally want to also hide the application data from the users Dropbox, and if possible avoid exposing Dropbox to the user at all. The only way I can think of doing this is potentially with a mail server to sign up users on accounts they don't know they have, for example username@myApp.myCompany.com and somehow automate the account confirmation and authorisation with the app. – TheBeardedQuack Mar 06 '18 at 14:49
  • Dropbox doesn't offer programmatic account creation, but I'll pass this along as a feature request. Also, note that scripting the site, e.g., for creating accounts, would be a violation of [the terms](https://www.dropbox.com/terms#acceptable_use). – Greg Mar 06 '18 at 15:08
  • Ah, it seems that it would. So since we'd prefer to avoid using a single sign-in embedded into the application, are their any other more suited services available? Something with tiered user accounts would be perfect but I'm struggling to find anything. – TheBeardedQuack Mar 08 '18 at 11:36

0 Answers0