It seems like attachments that are uploaded are not very secure (because when the document is uploaded to the web, anyone who knows the URL can access and download the document). I understand that there is some security around the idea that it is unlikely someone could guess the correct URL, but it still worries me enough to not want to upload anything sensitive as an attachment. I would like it if the URL does not work unless a user who is authorized to collaborate on a specified Base is logged in on their browser.
Security is of the utmost priority here at Airtable, and we want you to feel fully comfortable using the product. Here’s some context on our current implementation of file URLs.
As you’ve said, accessing the link to an image stored in Airtable does not currently require a login. This is the current expected behavior: by design, the URL has enough random characters in it to be as unguessable as a strong password, so there’s no risk of an attacker being able to randomly guess the URL. The approach of using a public CDN for file attachments is used by numerous other cloud-based applications (e.g. Google Photos). Here’s an article about this: https://www.theverge.com/2015/6/23/8830977/google-photos-security-public-url-privacy-protected
I hope that helps!
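The two access models discussed in this thread, sketched side by side as an added example (it is not Airtable's code and not part of either post): an attachment served to anyone holding an unguessable URL, and the same attachment served only when a logged-in collaborator on the base presents that URL. The 32-byte token length, the function names and the sample base and user names are assumptions made for illustration.

```python
import secrets

TOKEN_BYTES = 32  # assumption: 256 random bits; the thread gives no real length

def new_attachment_token() -> str:
    """Unguessable URL component drawn from the OS CSPRNG."""
    return secrets.token_urlsafe(TOKEN_BYTES)

def years_to_guess(bits: int, live_urls: int, guesses_per_sec: float) -> float:
    """Expected years of blind guessing before hitting any one live token."""
    expected_guesses = 2 ** bits / live_urls
    return expected_guesses / guesses_per_sec / (3600 * 24 * 365)

# Constructed sample data: token -> (base id, file bytes), and base membership.
ATTACHMENTS = {}
COLLABORATORS = {"base1": {"alice"}}

def upload(base_id: str, data: bytes) -> str:
    token = new_attachment_token()
    ATTACHMENTS[token] = (base_id, data)
    return token

def fetch_by_url_only(token: str):
    """Model described in the reply: whoever holds the URL gets the file."""
    entry = ATTACHMENTS.get(token)
    return entry[1] if entry else None

def fetch_with_login(token: str, session_user):
    """Model requested in the question: URL plus a logged-in collaborator."""
    entry = ATTACHMENTS.get(token)
    if entry is None:
        return None
    base_id, data = entry
    if session_user not in COLLABORATORS.get(base_id, set()):
        return None  # a forwarded or leaked URL alone is not enough
    return data

if __name__ == "__main__":
    url_token = upload("base1", b"quarterly-report")
    print(f"{years_to_guess(256, 10**9, 1e6):.1e} years to guess one of 1e9 URLs")
    print("URL only, no session:", fetch_by_url_only(url_token))
    print("login model, no session:", fetch_with_login(url_token, None))
    print("login model, alice:", fetch_with_login(url_token, "alice"))
```

The guessing estimate covers only blind guessing; the difference between the two fetch functions is what happens once a valid URL has been shared, logged or forwarded.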