File Drop - Convenient and secure file exchange for Enterprises

Originally published at: File Drop - Convenient and secure file exchange for Enterprises - Nextcloud

The File Drop feature in Nextcloud Files enables customers, patients, clients or partners to upload files for you in a secure cloud folder you shared through a link.

Easy and personal

Send files and folders with just a few clicks to one or multiple customers. Create personal links for them to upload data to you.

Ultimate security

Files are securely transferred and stored on your own infrastructure, without any third party ever gaining access.

IT stays in control

The IT department enforces rules and limitations on password & expiration dates, access by IP, file type or size and more.

How it works

To create an upload link, select any file, enable ‘file upload’ and then choose ‘File Drop (upload only)’. When set up, it hides all other existing content of the folder from the share recipient, providing a 100% secure upload.

You can now share this link to your customer, partner or user!

Your client will then be able to upload files to your server in a secure and easy manner. When the client uploads a file, you will receive a notification of new files in your upload folder and proceed to process the data. At the end, you provide the result in a separate folder for your client to download securely. At all time your data and your client’s is protected by industry-leading security measures!

Under your control

The system administrator can rest assured that all interactions follow the rules and requirements set by the company with regards to passwords, expiration dates and of course the limitations enforced by the Nextcloud File Access Control feature.

Data remains, at all times, on-premise, under full authority of IT. File Drop supports a wide range of storage technologies including NFS, SMB and Windows Network Drive, Sharepoint, Object Storage and many more.

Unique links for each customer

Rather than creating a random upload link, you can also have customized links by entering a customer email address and then enabling File Drop (upload only). Your client will receive an email with instructions on where to securely upload their files and, if you chose to add one, the password in a separate email. You can have both a shared link and multiple, unique email links that each come with their own password, expiration date and access rights. The password email can be disabled in the admin sharing settings for even more security-sensitive data where a secure second channel (like a secure video call) has to be used for the password.

Key features

  • Attractive, easy interface
  • Unlimited shares and upload folders
  • Show/hide existing files
  • Edit/rename without link change
  • (Push) notifications
  • pdf/video/image preview
  • Templated sharing emails
  • Mobile and desktop clients
  • Read only/write permissions
  • File retention
  • Comprehensive audit tracking
  • Anti-virus scanning
  • Password protection
  • Expiration date
  • Encryption at rest & in transit
  • Data remains on-premise
  • Your own server = under your control
  • HIPAA, GLBA, NERC CIP, SOX, PCI compliance

Serving your needs

Nextcloud is committed to provide technology that is a perfect fit for your organization!

Healthcare

Nextcloud provides the highest security for protected health data.

Education

Nextcloud has unique features for research and academic institutions.

Financial services

Nextcloud delivers confidentiality, security and compliance.

Government

Nextcloud offers the ultimate control to protect digital sovereignty in Government.

Global scale

Scale Nextcloud to hundreds of millions of users at commodity cost.

Media and advertising

Nextcloud provides easy and efficient collaboration on large files.

Lawyers and notaries

Nextcloud assures your clients that their documents stay 100% confidential.

Construction and manufacturing

Nextcloud has the easy, efficient UI engineers need to deliver on time.

Secure your file exchange with clients right now.

Request a trial

1 Like

Thank you for File Drop. But maybe you can move File Drop on the next level.

I think this is far too cumbersome. Why not just create a link similar to Nextcloud Polls login where the customer can enter the name and it will automatically create an individual upload share for exact that name and folder. The customer can copy it for further use if wanted. That saves you all the email hassle and works more like Nextcloud Polls for hundreds of File Drops with only one first link. Because only upload is possible there is no security risk. Anyone who sees a risk should also not use the old File Drop.

I fully agree. For our small business we store client files but also need clients to provide files for us to work on. So creating a link per file is unusable. In the ideal world I could create a folder structure where the client can see but not edit their files we store and also upload files for us.
An auto alert that new files have been uploaded would also be essential for this tool to work.

1 Like

In the Custom permissions you can set e.g. Read, Upload and not Edit and not Delete see here. This prevents a previously uploaded file from being overwritten.

Maybe you can use Workflow external scripts.

But that solves not the real (my) problem. Furthermore, a separate share must be created manually for each customer. If Nextcloud can’t make coffee for me, it should at least automatically create and manage shares based on customer input. I already find that Nextcloud could support me in my laziness. :coffee:

Please be aware of a rather scary security flaw with this feature!
If the file drop share is created with the API, then despite setting the permissions to “file drop” only, the link created gives full read/write!

@tfboy
Sorry i can not really understand this. Can you explain it or can you post a website, issue, …?

It would be nice if file drop finally had chunking implemented after all these years…

Hi @devnull ,
This is an issue I discovered a month or so ago investigating implementing Nextcloud as a file drop platform leveraging an API to manage the shares.
Nextcloud does this well, but has one major security flaw: ther permissions requested in the API are not respected and full access is given.

Edit: I did post about it here: OCS Share API options and defining permissions - bug ?!?

I did also post the issue Hackerone on 27th April, but still no response…
https://hackerone.com/reports/1963634

1 Like

Does the Enterprise version of Nextcloud not support this? I’ve played around with the settings on my home version and it works fine, even for shares and uploads via a web browser.

Please read the issue linked above as to why. No, chunked upload has not been added.