Help

This Product Ideas board is currently undergoing updates, but please continue to submit your ideas.

Document Attachment URLs are not Secure

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Kevin_Kinkade
5 - Automation Enthusiast
5 - Automation Enthusiast
‎Nov 29, 2018 03:16 PM

It seems like attachments that are uploaded are not very secure (because when the document is uploaded to the web, anyone who knows the URL can access and download the document). I understand that there is some security around the idea that it is unlikely someone could guess the correct URL, but it still worries me enough to not want to upload anything sensitive as an attachment. I would like it if the URL does not work unless a user who is authorized to collaborate on a specified Base is logged in on their browser.

See more ideas labeled with:
0 Kudos
Comment
1 Comment
Katherine_Duh
Airtable Alumni (Retired)
‎Nov 30, 2018 09:41 AM
‎Nov 30, 2018 09:41 AM

Security is of the utmost priority here at Airtable, and we want you to feel fully comfortable using the product. Here’s some context on our current implementation of file URLs.

As you’ve said, accessing the link to an image stored in Airtable does not currently require a login. This is the current expected behavior: by design, the URL has enough random characters in it to be as unguessable as a strong password, so there’s no risk of an attacker being able to randomly guess the URL. The approach of using a public CDN for file attachments is used by numerous other cloud-based applications (e.g. Google Photos). Here’s an article about this: https://www.theverge.com/2015/6/23/8830977/google-photos-security-public-url-privacy-protected

I hope that helps!

Copyright © 2024 Khoros, LLC