Why does Download CSV upload my attachments to a publicly accessible URL by default?


I was experimenting with different ways to share a table with a client. I was quite alarmed when I tried “Download CSV”, and the attachments, many containing private/sensitive data, were uploaded to publicly accessible URLs by default without my consent.

Is no one else as concerned as I am about this default behaviour? To my mind, unless explicitly stated otherwise, export/download should be exclusively to the local device. Uploading to public URLs should be opt-in. As it functions now, Download CSV is actually “Download CSV and Upload Attachments to the Public Web.” This is a security issue, especially since the user is not given the option to turn it off or even warned about it.

Can someone please show me how to wipe/delete these attachments from the web?


Just speculating, but could it be that the attachments were always at public URLs and Download CSV didn’t do anything but expose them? If so, that’s even scarier. I really hope not.

Yes, looks like that’s the case: Attachment URLs are public?

This is quite disappointing. I wish I had known this earlier.

What is the point of restricting access to tables or views if any random person can view attachments if they get a hold of the URL?

This topic was solved and automatically closed 15 days after the last reply. New replies are no longer allowed.