Re: No More Static URLs for Attachments?

Hi @ScottWorld!

I got my field names mixed up!

I thought the change would affect the attachment field type, I believe this change will affect the URL field type.

Back to your reply, it seems that Google has made a change, recently, regarding the number of images that can be downloaded to third parties, such as Airtable.

I am planning to contact support to find out more details.

My Google Workspace has a alot storage available.

Mary

Google has always had quota limitations for “hosted” files; both numbers (400,000) and aggregate sizes. By “hosted”, they mean anything exposed for openly accessible web requests. They also have real-time metrics that defend their servers from abuse. So even if you are within the quotas, you could find uploads cease to function depending on request demands for your collection of publicly shared documents.

Airtable’s CDN access was not so advanced and likely one reason they had to stop the bleeding. Think it through - if any vendor offered free hosting for content, they would be faced with massive abuse.

I’d love Airtable to create a attachment field type that provides the static URL for the attachments. That way those who need the security can have it, and those who need the public access also can have it. I worry this is more about storage and file hosting costs than security…

@VillageCo I totally agree that this would have been the best way for Airtable to handle this. It’s a shame that they took the “scorched earth” approach to this situation. I would highly recommend sending your thoughts to support@airtable.com.

That’s what they provide now. If they were to leave the current functionality and allow users to opt into that behaviour, there would be very few takers; they would continue to assert an insecure behaviour and Wall Street and every enterprise customer would frown on the lack of security.

Signed URLs (which have a shelf life) are the only way to assert any degree of secure access to publically addressable content.

Worry or not this architectural change is about all of these requirements; hosting costs, performance, security, formulas, SDKs - a broad reach and depth into all aspects of their service.

Describe for me how “this way” is any different from what they offer today? Not following.

Currently, attachment links never expire. Giving users the choice to delete links or leave them alone would be ideal. Just like how you can share a view with someone and then delete the link when you don’t want it shared anymore.

Your analogy is irrelevant. In the case of attachments, you are describing a very big collection of shared “things”. View’s a generally finite and few in number. Furthermore, they are individually shared through manual process. Can you imagine a UI for attachments that required you to individually assign each image?

And that’s what you want? This is no different, so you are basically advocating no change. Did I mistakenly assume you really cared about security? :winking_face:

Okay - I understood that, but wouldn’t the entire user base who wants to continue to use Airtable as an accidental back-end CDN continue to do that, thus creating a load on Airtable that is abusive and likely to raise everyone’s costs?

Security is not the only element in the equation. In fact, it’s probably not the primary element that needed to be solved. Obfuscated URLs presently do a fair job at concealing content from the public. But Airtable has become the web host for millions of documents and this is what they’re trying to end.

Making it optional is like making ice cream [optionally] free; everyone will take as much as they can.