Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
402 results found
-
Customer Privacy
I noticed a bug in your system. You can set permissions so that users cannot see other users. However, I discovered a loophole that would compromise this and allow users to access other user's personal information like email addresses. When typing an email on the comments section, it will display other user's email addresses even when those permission are set off. I was told by a Box customer service rep that there is no way to set user permissions and avoid that customer privacy problem.
3 votes -
Harden the TLS configuration
Please consider doing the following:
• Add support for TLS 1.3
• Drop support for weak cipher suites that are used for TLS 1.2
• Drop support for TLS 1.1For more information, see the results of the Qualys SSL Server Test:
https://www.ssllabs.com/ssltest/analyze.html?d=box.com1 vote -
need to edit files but not change folder nae
I need the ability to give users permissions so that they can upload files, edit files, delete files but not be able to change the folder name that those files are in. I'm going to use Skysync to move files there and the process will break if someone changes the folder name. Right now i don't think i can do this.
1 vote -
Change the default security of a shared link, to "People in this file" or "People in this folder" rather than "Anyone with the link"
Change the default security of a shared link, to "People in this file" or "People in this folder" rather than "Anyone with the link" (which is the current default).
Whenever a shared link is created in box, the default access permission assigned to the new Shared Link, is "Anyone with the link" unless Account-level permissions are specifically changed by a knowledgeable user. This is not a secure choice at all. It's too easy to create a large number of Shared Links which, by default, are open to absolutely anyone in the entire world to whom the link gets forwarded to.…
9 votes -
Copy only - access level so collaborator cannot move files.
Create an access level that allows a collaborator to copy a file to a different location without having to give them the editor access level.
1 vote -
Please enlarge images for "I am not a robot" selection
I have missed two selections due to poor visibility for my eyesight and encountered a timeout. Please enlarge images for "I am not a robot" selection. Thank you
3 votes -
User wants to be able to see Key ID for keysafe rotations.
User wants to be able to see Key ID for keysafe rotations. This will help validate the correct key they have in their systems.
3 votes -
Allow OAuth Consent Screen branding options
Provide OAuth Consent Screen branding options, which is already a functionality in dropbox and google
3 votes -
Customize watermark to include version, update date
I’d like to use the watermark or a similar feature to print the Version Number and Last Update Date on PowerPoint and PDF files. I understand you can view this in Version History, but I’d like to see it super-imposed on the content.
5 votes -
Sharing information with people outside my organization.
when a URL is shared to someone they will then have the ability to download. locking a file feature is available, unfortunately, it needs to be performed one by one. the ability to lock entire folders all at once would be very helpful.
2 votes -
10 votes
-
Better error message for device limits
If there is a device limit set, the error message when you try logging in from another device should read something similar to: You have reached the max number of devices
6 votes -
Choosing access permission of a user by the network (IP)
We want Box service to be able to control the access permission to the file within the same user by the access source (network, device, etc.).
Example:
-When accessed from an internal network, access permission is "Editor", and when accessed from an external network, this user becomes "Previewer".
-Although "Editor" can be performed from a corporate PC, only "Preview" can be performed from a private PC.3 votes -
Block users by geography
We'd like the ability to block users from accessing our Box environment from certain geographical areas, via a control in the admin console’s insights page (the geographic activity area).
7 votesWhile we like this idea, it is not currently planned at this time.
-
password
While creating an account !1Password 1! is a good password and 3904kjldfxkl2039!jkljerdf903jkdfjkljkld323rehfljkdfsklewiopertio is weak. NIST recommends not relying on using specific combinations of upper, lower, alpha etc to determine strong passwords but length.
1 vote -
Score A+ on securityheaders.com
box.com currently scores a B on securityheaders.com:
https://securityheaders.com/?q=box.com&followRedirects=onPlease implement the missing security headers to score A+.
1 vote -
OCSP stapling
Please add support for OCSP stapling. This will speed up connections to box.com and help protect the users' privacy by eliminating the need for them to contact certificate authorities to check the revocation status of box.com's certificate.
When box.com replaces its current certificate, please consider getting one that specifies OCSP Must-Staple.
1 vote -
Submit box.com for HSTS preloading
This will force users to connect to box.com over HTTPS if they attempt an insecure HTTP connection, even if it is their first time trying to visit box.com. box.com already uses HSTS, so HSTS preloading is the natural next step in improving security.
https://hstspreload.org/?domain=box.com1 vote -
Prevent internal users collaborating on external content
This would prevent the possibility that users might collaborate on content that they do not own and from uploading or sharing content into spaces not owned by their own organisation
3 votes -
Notify user of quarantined file actions
Notify user after a quarantined file has been released or deleted
4 votes
- Don't see your idea?