Help

This Product Ideas board is currently undergoing updates, but please continue to submit your ideas.

Document Attachment URLs are not Secure

cancel
Showing results for 
Search instead for 
Did you mean: 
Kevin_Kinkade
5 - Automation Enthusiast
5 - Automation Enthusiast

It seems like attachments that are uploaded are not very secure (because when the document is uploaded to the web, anyone who knows the URL can access and download the document). I understand that there is some security around the idea that it is unlikely someone could guess the correct URL, but it still worries me enough to not want to upload anything sensitive as an attachment. I would like it if the URL does not work unless a user who is authorized to collaborate on a specified Base is logged in on their browser.

1 Comment
Katherine_Duh
10 - Mercury
10 - Mercury

Security is of the utmost priority here at Airtable, and we want you to feel fully comfortable using the product. Here’s some context on our current implementation of file URLs.

As you’ve said, accessing the link to an image stored in Airtable does not currently require a login. This is the current expected behavior: by design, the URL has enough random characters in it to be as unguessable as a strong password, so there’s no risk of an attacker being able to randomly guess the URL. The approach of using a public CDN for file attachments is used by numerous other cloud-based applications (e.g. Google Photos). Here’s an article about this: https://www.theverge.com/2015/6/23/8830977/google-photos-security-public-url-privacy-protected

I hope that helps!