draw.io Google Drive permissions

[Paul Nickerson]

Hello,

I recently connected a Google Drive account with diagrams.net. For the draw.io viewer, it asked for permission to have access to every file/folder on my Google Drive account. Much of the content in my Drive is very sensitive, and I am concerned about privacy. If I accepted the permission, is it theoretically possible that a hacker who compromised the diagrams.net service could access files in my Drive?

Thank you,

Paul

[diagrams.net Q&A]

Yes and no. You're only authenicated to your Google account in your browser and no server holds your authenication token. That said, if someone deployed a malicious build they could send your data back up to the deployment server and then transmit it elsewhere.

We do have safeguards against a malicious build. If what is deployed didn't match what we think should be deployed, we'd be notified. This is part of the process of us working towards SOC 2 Type II. That said, the viewer isn't really critical anyway, why were you thinking to enable that?

[Amrik Cooper]

I have the same concern as Paul. I really like diagrams.net, but unfortunately I can't get my organisation to accept the draw.io viewer permissions as they are. Ideally, the draw.io viewer would request permission for each file each time a link is opened. Failing that, permission per file, per user should be requested, but blanket access (even if non-destructive) is just not something we're comfortable with.

Agreed, the viewer is not critical, but it is a great convenience for sharing and prototyping.

[diagrams.net Q&A]

The problem is the more restrictive scope is "allow the app to open files that have already been opened using the app" (re-wording mine). So, if the user has never opened the file from drive.google.com into diagrams.net they will see a permissions error until they go and do exactly that.

We'd then have the support load of "why is this broken?" (or your IT would).

These are the only two options, Google doesn't offer another mechanism for third-party apps.

[Amrik Cooper]

Hi, thanks for the response! Ah, that makes sense — and a great pity that Google has not catered for least privilege access in this scenario. I'll share this internally, but I'm not hopeful this will mean much.

I can still however user diagrams.net without the publishing feature though. 

[Nathan Thompson]

Same issue here. It makes sense that the default behavior is full access to Google Drive, but it would be great to have a toggle option to use the more restrictive scope.