Frequently Asked Questions
DOES ODRIVE STORE MY FILES?
No. odrive never stores your files. All of your files remain within the storage service that you have linked to odrive.
HOW DOES ODRIVE INTERACT WITH MY STORAGE?
Linking and authorizing storage allows odrive to send requests to that service on your behalf. The odrive desktop client can then make these requests directly to your storage, providing storage management and syncing capabilities (listing, downloading, uploading, moving, deleting, etc..).
All communication is performed via encrypted transport (HTTPS/SSH)*
HOW DOES ODRIVE HANDLE AUTHORIZATION TO MY STORAGE
Authorization information is stored in the odrive service layer to allow users to use multiple clients across multiple systems, without having to re-authorize each system separately. This information is encrypted using AES in CBC mode.
odrive only stores the bare essential information for facilitating access across the various client interfaces (desktop, agents, and web client). For OAuth-capable services (Google Drive, Dropbox, Procore, Facebook, Box, Amazon Drive, OneDrive, Sharepoint, etc...) this means we are only storing the service-supplied tokens. odrive will never see your password or any other sensitive authentication information.
Most access tokens expire very quickly (usually within an hour). As the authorizing user, you have direct control over this information. This means that the encrypted tokens are deleted when unlinking a source from odrive. It also means that, at any time, you can render the tokens useless by revoking odrive access on the storage service. In either case, odrive will no longer have the ability to access your storage, in any way.
Legacy protocols (FTP, WebDAV, and SFTP) and utility storage like Amazon S3 do not make use of authorization schemes like OAuth, so storing the credentials is required. These are encrypted (AES-CBC) in our service layer. Encryption keys are always kept separate from the data. This information is immediately deleted if the storage service is unlinked from odrive.
WHEN IS ODRIVE COMMUNICATION TO LINKED STORAGE NOT DIRECT?
All interactions between the desktop client/agents and the linked sources are direct to the source except when using odrive Spaces. https://www.odrive.com/features/spaces
odrive Spaces allow you to share any folder with anyone, which requires a special data flow, with a strict security model. For odrive Spaces interactions, the raw data is streamed over end-to-end TLS encrypted transport from the source to the requesting client/user via an odrive proxy.
For odrive web client interactions to linked storage, the flow of communication can vary, depending on the integration type and the type of request. In some cases data may be passed through an odrive proxy as opposed to directly from the source. In these cases the raw data is being streamed over end-to-end TLS encrypted transport from the source to the requesting client/user via the odrive proxy.
Any time data is transported via an odrive proxy, none of the user data is retained or even cached, beyond the small stream buffer during the real-time streaming process.
HOW IS ACCESS TO MY STORAGE MANAGED?
odrive's access to storage is entirely dependent on the user who linked the storage. If the user has read-only permissions to a specific folder, then odrive will have read-only permissions to that folder. Likewise, if user access to the storage is taken away, odrive will no longer have any access or visibility into that storage.
WHAT INFRASTRUCTURE DOES ODRIVE USE FOR THE SERVICE LAYER?
odrive utilizes Google App Engine and Amazon Web Services
* For FTP links, if a user chooses to use FTP instead of FTPS then the communication will not be encrypted. odrive will default to FTPS, but users may choose to override this.
Updated almost 4 years ago