Monday, October 6, 2014

Why using a CNAME to dropbox is a bad idea

It might be an attractive option to use your own domain name for shared hosts like dropbox so that you would be using links of your own domain for file downloads giving it a branding. There are numerous methods to map your link locations from custom domain to the file hosts like dropbox. Using a RewriteEngine from Apache if you have a webhost or google app engine to map the URLs is the best option.

But on the other hand, if you try to take a shortcut and directly CNAME a subdomain to dl.dropbox.com, your URLs will not only still look complex but also create a flaw that will compromise your domain name.

How? Unless the target is especially mapping your domain name to your files / URLs like in case of blogger.com or bit.ly which use one to one mapping, a CNAME means your specified subdomain is an alias of the target. When one to one mapping is present, the invalid links are directed to a 404 page by the host (say blogger). But when the target is not managing the targeted alias, like in case of dropbox, your subdomain becomes a complete copy of whatever exists on the target domain; the alias subdomain will also have concurrent links to those files. If they are actual html files a search engine will even give you a duplicate penalty if it links both files. Since we are only considering temporary downloadable files here (which we are not linking using the dropbox link and the custom link both at the same time), we will ignore the SEO impact.

The flaw with being a complete copy of a domain (without proper mapping) is that any one who uses dropbox can also use your alias subdomain to share files as it links to whatever dl.dropbox.com links to. Now a hacker can serve malicious files via your subdomain to attack unsuspecting users and eventually get your subdomain blacklisted with anti-viruses or safe browsing services (maybe even with the search engines).

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.