Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
378 results found
-
SSO Required - API authorize endpoint behavior not consistent with Core Box
USAF is developing a custom iOS app on Box requiring USAF internal users to authenticate into the app via SSO. With "SSO Required" turned ON, the app redirects users to the Box login page and not the SSO login page on invoking the Box authorize API endpoint. This seems not to be consistent with the Core Box "SSO Required" flow.
More details including user flow illustration in the ticket.
JIRA ticket - https://jira.inside-box.net/browse/BOX-2059301
1 vote
-
Enable passphrases instead of only complex passwords
We enabled the Box strong password policy for 3rd parties; however, it does not permit passphrases. In the CASB pilot, when I accepted an invite to collaborate on my personal Box account, Diageo Box required me to change my 15 character passphrase to a complex password. That will be a problem for any 3rd parties using passphrases. Therefore we should turn that policy OFF.
1 vote
If we understand that users may prefer passphrases instead of passwords, this is not something that we plan to deliver in the near future.
-
Add action option for Content Security policy
Add another action option to the 'Then take the action(s)' section under Content Security Policies. It would be useful if one of the available actions was to disable the user's account/set it to inactive automatically if the account were to violate the content security policy.
1 vote -
1 vote
-
Limited access to external collaborators on file & folder
Dear Team, I want to give my auditor access to some files. However, I do not want them to edit, save, download or print screen any documents.
How to do this?
1 vote -
Convert all notification email contain "app.box.com" link to "ent.box.com" under BVE
Some notification email such as "Email Uploads completed" contain "app.box.com" link even for enterprises that have Box Verified Enterprise enabled.
They should be converted to "ent.box.com" link in order to access them from Internal network.
1 vote -
Block end user password reset for SSO users
In our environment, we enforce SSO, however users can still go into their user settings to reset their password and change the password. My understanding is that this password is only usable for FTP access, but it is confusing for users and we do not use the FTP functionality. Block end user password reset for SSO users
1 vote -
Create Outlook anomaly detection
Build out an Outlook feature or compatible security product that can impose rules on content categories that can alert the appropriate individuals of anomalies or misuse before the file leaves the company’s boundaries in the email program.
1 vote -
Last Mile File Security (When moved out of Box)
Box is a reasonably safe platform for file security. However, when a file moves or downloads out to a user device it drops the security controls in box.
Can there be control when the file of specific classification moves out, the downloaded copy of the file is encrypted and open to the recipient only after box authentication.
1 vote -
GDPR- PII Detection
Increase PII detection templates from just three Social Security no, Credit card and Custom text to more as offered by other DLP products in the marketplace.
In addition to real-time detection, also allow discovery of the legacy data utilizing the same templates. Notification on detection could include an on-screen warning/ policy tip in addition to email and file quarantine options etc.
1 vote -
limit deletions
My staff need the ability to upload & download various files, but I don't want them (or me!) to have the ability to delete large swathes of my database. I can't find a way to limit this in Box.
1 vote -
Security Issue: File can be downloaded without permission
Dears,
Per the "Previewer" role definition the user can not download the file, only see the preview of the file.
Actually it seems it is super easy to download the file if you copy the url of content?preview=true....... initiator pdf.min.js:631 type: fetch. I hope this helps, pls let me know if you need more details.
Thanks!
Csaba
1 vote -
Limit which applications can be used for non-trusted pc's
I'd like the ability to limit which applications can be used to open files for non-trusted pc's (and mac's). I'd like to limit non-domain pc's to open files using Office online applications, but not using Office clients installed on the PC directly. The goal is to remove the ability for non-domain pc's to continue editing files, but not have them stored locally in any way.
1 vote -
need to edit files but not change folder name
I need the ability to give users permissions so that they can upload files, edit files, delete files but not be able to change the folder name that those files are in. I'm going to use Skysync to move files there and the process will break if someone changes the folder name. Right now I don't think I can do this.
1 vote -
Copy only - access level so collaborator cannot move files.
Create an access level that allows a collaborator to copy a file to a different location without having to give them the editor access level.
1 vote -
password
While creating an account !1Password 1! is a good password and 3904kjldfxkl2039!jkljerdf903jkdfjkljkld323rehfljkdfsklewiopertio is weak. NIST recommends not relying on using specific combinations of upper, lower, alpha etc to determine strong passwords but length.
1 vote -
Score A+ on securityheaders.com
box.com currently scores a B on securityheaders.com:
https://securityheaders.com/?q=box.com&followRedirects=on
Please implement the missing security headers to score A+.
1 vote -
OCSP stapling
Please add support for OCSP stapling. This will speed up connections to box.com and help protect the users' privacy by eliminating the need for them to contact certificate authorities to check the revocation status of box.com's certificate.
When box.com replaces its current certificate, please consider getting one that specifies OCSP Must-Staple.
1 vote -
Harden the TLS configuration
Please consider doing the following:
• Add support for TLS 1.3
• Drop support for weak cipher suites that are used for TLS 1.2
• Drop support for TLS 1.1
For more information, see the results of the Qualys SSL Server Test:
https://www.ssllabs.com/ssltest/analyze.html?d=box.com
1 vote