How does DragDrop Online work and how secure is it?

How does DragDrop Online work and how secure is it?

Our add-in detects when a drag action starts and is dragged outside Outlook on the web (OWA), it then requests the e-mail/attachment data from Outlook on the Web and saves a temp file of the message or attachment to the local temp folder of the user (%temp% – this folder is only accessible for that user by default).

After this we wireup the windows drag event with a pointer to the file instead of the office item so a browser will accept the drop and recognize it as a file.

On interval (default 30 minutes, but configurable by your sysadmin) the temp files are cleaned up. We do NOT transfer ANY data out of the user computer. The only transfer you will ever see is a web call over https (SSL/TLS) to our licensing system to activate and validate the license.

Please see a visual representation about the way DragDrop Online works:

Other questions we get about security:

  • Who has access to data?
    Only the user itself has access to the data.
  • Is the temporary file encrypted?
    If you want to encrypt the data, please do so on disk by enabling EFS or similar solutions.
  • Where is data stored?
    No storage outside the user’s machine is done, temporary files are saved in the user’s temp folder.