Is there a way to disable direct link to box.com on a widget interface?

Occasional Contributor

Is there a way to disable direct link to box.com on a widget interface?

We are using box.com embed widget to share files on our website. However, the name of the folder for which this widget was generated is a link to the folder on box.com. Anyone can share this link with anyone and they can see the contents of that folder. Is there a way to hide that link (folder name) on a widget interface as it is a security breach for our organization? Is SSO the only way to prevent users who have access to the widget link to navigate directly to our box.com folder and access contents?

 

thank you all in advance for your answers!

 

 

2 REPLIES
Box Certified Professional

Re: Is there a way to disable direct link to box.com on a widget interface?

@marinagulakova,

 

The permissions set in the shared link for the embed widget should be the permissions you want for that folder. If you don't want it available publicly it should be a more restricted sharing level. Having said that, if you must make it an open link because the people visiting your website are not part of your organization, then you will have to consider other methods. You could password protect it and just share that password with the visitors on the page. I am, of course, assuming you have other protections on the page itself, otherwise the question is moot.

 

Perhaps you can give more details and other solutions might present themselves.

 

Bob

Indiana University
University Information Technology Services
2709 E. Tenth Street Bloomington, IN 47408
Occasional Contributor

Re: Is there a way to disable direct link to box.com on a widget interface?

@BobFlynn-IU,

 

The page where the widget is available is for registered users. However, the link on the widget itself takes users to the folder on box.com directly. So, that link can be easily shared and the content is publicly available. 

 

From everything that I've read so far about box.com it appears that the only choice we have to restrict the content's usage is through SSO or through api calls. 

Users online (382)