
MAJOR SECURITY HOLE IN AIRTABLE: Any collaborator (even read-only collaborators) can steal 100% of your data with one click

ScottWorld
18 - Pluto

This thread made me realize that we should probably have an option to PREVENT collaborators (particularly read-only collaborators) from being able to easily duplicate an entire base.

When we share read-only links to bases or views, we have that option that we can uncheck that says: “Allow viewers to copy the data in this base” or “Allow viewers to copy data out of this view”.

But it would be nice if we had that same feature for collaborators.

48 Comments
ScottWorld
18 - Pluto

Hahaha! Bill, that’s a solid 7.5 difference!! How did you accomplish this amazing feat!?!? :stuck_out_tongue_winking_eye: I have several friends who would love to learn this trick from you! :winking_face:

My answer to your overarching question is this, and I apologize if I haven’t made this clear earlier:

  • All collaborators, even read-only collaborators, can instantly download an entire table as a CSV file. But — drum roll, please — all of those dl.airtable.com links are a part of the CSV file. Those are the underlying URLs that have no protection. So, with one click of the mouse button, any collaborator (even a read-only collaborator) has access to ALL the underlying unprotected URLs in the entire table.

And THIS is the crux of the problem. It’s actually tied into the other security issues, which is that read-only collaborators can instantly download an entire table (or duplicate an entire base) with one click.

In essence, Stacker solves the majority of these security issues, because collaborators can only grab ONE underlying URL at a time.

None of this is probably that big of a deal for MOST people. I just don’t like losing business due to security issues like this. :stuck_out_tongue: And I know that Airtable probably doesn’t like losing business, either. But when I get calls from law firms that ask me “How safe are our attachments in Airtable?”, I have to go down this whole rabbit hole with them and explain these potential issues.

p.s. Regarding Google, good point about how the link actually IS public when choosing that one option that they provide to people. Many people don’t realize that when they choose that option.

Bill_French
17 - Neptune

Indeed. I handle this a bit differently. I simply say -

It is not unlike the exposure most businesses currently endure with G-Suite.

Two quick side-bar comments…

  1. If security is critical, attachments are not where you want to place sensitive documents.
  2. Any business attempting to blend sensitive documents into their data should consider hosting them by reference (URL), not value (copies of the sensitive documents).

As to #2 - a secure document in Google Drive will require authentication even when published in a fully open database in Airtable. Making copies of any sensitive information should always be guided by business policy, which for most firms is frowned upon.

As to #1, Airtable made attachments very flexible because document management is a difficult science; they built what we (generally) asked them to build.

We cannot blame Airtable for these constraints or unintended uses of the product. At some point, users must take responsibility because Airtable has provided a reasoned and relatively secure collection of protective measures to make safe applications.

Correct. They don’t, just as Airtable users generally don’t understand the underlying loosely-configured mechanics. And given this, when was the last time Google was hauled into CNBC to explain why sensitive Drive documents were breached? 2006 to date and not a single instance. Same for Airtable - 2015 to date; not a single instance.

Thank you. Like I said - I cannot explain it. 38+yrs of marriage and so far she’s exhibited no interest in fleeing. From time-to-time she has mentioned that sentiment could change.

Mike_Mauer
6 - Interface Innovator

I can confirm that Stacker is indeed absolutely incredible and user permissions is one of the main reasons I use it.

You noted the cost, but for many enterprise applications it’s cheaper since it doesn’t charge per user.

So my setup is a small team of database administrators using Airtable, while the rest of my clients use Stacker.

itoldusoandso
10 - Mercury

One of the solutions I could think of is when AirTable database is shared with a collaborator, the collaborator works on the same data, however, the links would be completely different for the same document.

In other words, if the owner would look at the document link, the link would be different than the link to the same document that the collaborator would see. Yet, both links would point to the same document.

When the owner decides to stop sharing the database, the collaborator’s version of the links will be dead going to nowhere.

Added benefit would be traceability to see if somebody is downloading the attachments from the collaborator’s database in a batch.

Secondly, an adjustment AirTable could do is to fine-tune what an editor and collaborator is allowed or not allowed to do (see the links or not see them, allow 3rd party apps like Zapier to see the links in the collaborator’s version of the database or not allow to see them).

Maybe this could save the sheep and feed the wolf.

The only way to achieve 100% security model the way listed in the OP’s AirTable Security Manifesto would be to require login (or be logged in) every time anybody tries to access a document in AirTable.

Not only would this mean some inconvenience (and break functionality like described earlier) but even AirTable wouldn’t work as expected. Take for example the Gallery view. One of the useful ways that Gallery appears to be promoted by some perhaps to offer a view of the data to the external world (e.g. customers for instance).

In my case, I turned the Gallery view to my private Classified site / eStore. I am even intending to add payment links to it through Zapier or similar. My idea is to turn AirTable to a poor man’s version of Pinterest / OfferUp.

If somebody wants to make copies of all the attachments, they could do that with a web-crawler.

So to summarize my view:

For AirTable to satisfy both the sheep and the wolf, they would need to fine-tune whether collaborators and viewers are able or not able to make a copy of the database, export database, access through Zapier, see links. Secondly, if people I trust have access to the links, the links should be unique to the person I shared with (regardless whether the links can be accessed by logging in or without logging in to AirTable).

Lastly, for all those other situations where people potentially have copy to the data in AirTable… well there are NDA agreements. In particular, if AirTable generated version of links that is unique to the individual I share with, that information would point to the particular individual who had misused that (download log in AirTable or something similar).

ScottWorld
18 - Pluto

This is such a fantastic idea! And such an easy solution, too! :slightly_smiling_face:

I hope that Airtable is listening to your suggestions.

Bill_French
17 - Neptune

This concept has been around for a long time and is ostensibly a “signed URL” - a URL that is distinct and immutable for a given user and often for a specific time period. Links like this should also have a shelf-life that can easily be controlled with an expiration date or access duration. I recommended this to the team about a year ago.
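
The per-collaborator, expiring link discussed in the posts above, sketched as an added example that is not part of the original thread and is not Airtable's code. The secret, the query parameter names (`u`, `e`, `sig`), the path and the collaborator ids are all constructed assumptions.

```python
import hashlib, hmac, time
from urllib.parse import parse_qs, urlencode, urlparse

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to clients
REVOKED = set()                   # collaborators whose sharing was stopped
ACCESS_LOG = []                   # (collaborator, path, time) for each accepted fetch

def _mac(path, user, expires):
    # Bind the signature to the document, the collaborator and the expiry together.
    msg = f"{path}\n{user}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def sign_url(path, user, ttl, now=None):
    """Issue a link to `path` that is unique to `user` and valid for `ttl` seconds."""
    now = int(time.time()) if now is None else now
    expires = now + ttl
    query = urlencode({"u": user, "e": expires, "sig": _mac(path, user, expires)})
    return f"{path}?{query}"

def revoke(user):
    """Stop sharing with `user`: every link already issued to them stops working."""
    REVOKED.add(user)

def verify_url(url, now=None):
    """Return the collaborator id for a valid link, or None if it must be refused."""
    now = int(time.time()) if now is None else now
    parsed = urlparse(url)
    q = parse_qs(parsed.query)
    try:
        user, expires, sig = q["u"][0], int(q["e"][0]), q["sig"][0]
    except (KeyError, ValueError):
        return None  # missing or malformed parameters
    expected = _mac(parsed.path, user, expires)
    # Constant-time comparison; any edit to path, user or expiry changes the MAC.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if now > expires or user in REVOKED:
        return None
    ACCESS_LOG.append((user, parsed.path, now))  # traceability per collaborator
    return user
```
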

itoldusoandso
10 - Mercury

And not far from going a full blown blockchain ethereum supported solution too :winking_face: And imagine you could now integrate micropayments too to get paid. Yay.

Paul_Warren
8 - Airtable Astronomer

@ScottWorld, @Bill.French, @kuovonne,

I hope you three know how much I love and learn from reading your discussions. Thank you for keeping it civil yet heated :grinning_face_with_big_eyes: The collective knowledge and sincerity displayed on this forum is one of the best things about Airtable!