Attachment Storage and Security FLAW

Ron_Friedman · ‎May 03, 2019

I’m not sure exactly where to post this, but I would like suggestions from the community how to handle stored attachments that may need to be deleted. I found a bug, but Airtable Support is calling it ‘normal’, so not a bug. I will call it a flaw.

When an Attachment is added to an attachment field, and the URL to that attachment is shared externally (we use Zapier to share links to PDF Proofs, contracts, invoices etc) then send an SMTP zap email with embedded links to the attachments to clients. If there are subsequent updates to the attachments, then we delete the attachments in the Base, and place the new updated version in the attachment field and send with the new URL link to access. HERE IS THE “FLAW”. Airtable is NOT actually deleting the file. In fact not only is the private file still being stored on Airtable, but the original URL link to the attachment that had previously been 'DELETED" by the DELETE KEY, is in fact still accessible. Via the original link to the previously deleted file.

We discovered this 1 week ago, tested it again, and then I sent a support ticket to Airtable support 1 week ago.

As per Support response (Which took 6 days to receive an acknowledgement and an answer) " Apologies for the delayed response here – I wanted to sync up with engineering on this to ensure I was providing you a correct answer.

This is currently expected behavior in Airtable, and is not something we plan to “fix,” although we may consider adjusting how this works in the longer term. Feel free to let me know where this is causing issues in your process, and I can take this back to the product team for their consideration when they revisit attachment storage in the future.

Sorry I can’t be more helpful here!

All the best,
Jacob

Does external access to assumed deleted data/files cause problems or worse liability for you or your clients?
Do you have suggestions on how to actually HARD DELETE attachments?

As a work around we are implementing using a new URL Field for files that need to be shared, and actually storing attachment files, that we need to give outside access to, a link to a Dropbox or Google Drive files.

If you also see this a possible compliance problem, and or would like to see Airtable address this very sensitive privacy issue, please let Airtable support know your concerns.

Thank you.

JonathanBowen · ‎May 03, 2019

HI @Ron_Friedman - yes, by chance I spotted the same this week when looking at something on the community. See my post here:

I was so bothered about it I went back and obscured the pdf link, even though there was nothing in the file except the word “Example” - it just didn’t seem right to me that this was “out there” forever. I couldn’t see a way to delete it and your reply from Airtable support confirms this. I’ve just tried to access the file again now and, of course, it is still there. The record has gone, the base has gone, but the file lives on. Seems like there’s a lot of possibilities to give someone the wrong link and have no way to correct this. Presumably, Airtable support could delete the file if asked, but that’s not a scalable way to fix an issue like this. Your idea to use an external file share like Dropbox or Google Drive seems like the right one for all but the most public-facing of documents.

JB