Question

I am debating whether to give my files a public URL or a limited private one.

I am hosting various files for a mobile/web application. These will include product images and videos. Currently only authorized users can access this application, and so the files are private. However, I suppose users may want to directly share the file URLs with other users who are not authorized users so they can view them directly (e.g. through a web browser).

Currently the files are on an AWS S3 bucket (which has no public access), and files are given a public URL that expires after a short period of time (e.g. hours). By following this system we also avoid DoS attacks on our S3 bucket.

Am I missing any major reasons to make them public vs private (and the other way around)?

I noticed that Facebook used to have persistent file URLs for user photos across their CDN, but now they are only valid for an authenticated user (I haven't tested their persistence over time).


Solution

I think Facebook restricted images to authenticated users in an effort to stop "screen scraping" by unknown actors. This also verifies that an image can only be viewed under strict business rules (friends, friends of friends, etc.).

By "public URL", do you mean you have a signature as part of the URL that causes it to expire after a certain time or do you have a token that kills the link when the user's session expires? If the link is still active after a user logs out, even for a short while, that could pose a security risk.

If you've been asked for the ability to share files without the need for a user login, you might consider applying a passcode at the very least to access the file. Otherwise, you're sending a file into the wild to be accessed by whomever has the link without any authentication at all. Not sure what kind of content you're dealing with, but if the file contains personally identifiable information (PII), that's another security risk.

You should also consider a way for the user to kill any file link immediately, in case something was sent out that shouldn't have been.

It might be worth discussing this further with your IT team to iron out the rules for allowing non-authenticated file access.
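The answer draws a line between a link that simply expires (a signature over the file key and an expiry time, which is what an S3 presigned URL is) and a link that can be killed on demand. The following is an added example, not code from the question or the answer, showing both properties in one scheme: an HMAC-signed link with a per-link id, checked by your own download endpoint, so the signature prevents tampering with the key or expiry, and a revocation set keyed by link id lets the user (or a logout handler) invalidate a link before it expires. The base URL, the signing key constant and the in-memory revocation set are placeholders for illustration.

```python
"""Time-limited, signed download links with immediate revocation.

Added example for this thread, not from the original question or answer.
Each link carries the file key, a random link id, an expiry timestamp and an
HMAC-SHA256 signature over all three. The signature stops a holder from
changing the key or extending the expiry; the link id lets the issuer kill
a specific link before it expires, which an expiring signature alone
cannot do.
"""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical server-side secret; in production load it from a secret store
# and rotate it (rotation invalidates every outstanding link at once).
SIGNING_KEY = b"example-signing-key-rotate-me"

# Link ids killed before their expiry. Stand-in for a DB table or cache.
REVOKED_LINK_IDS = set()


def _signature(key: str, link_id: str, expires: int) -> str:
    """HMAC over key, link id and expiry; newline-separated to avoid ambiguity."""
    msg = "{}\n{}\n{}".format(key, link_id, expires).encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_link(base_url: str, key: str, ttl_seconds: int,
               now: Optional[float] = None) -> str:
    """Return a signed URL for `key` that expires ttl_seconds from `now`."""
    now = time.time() if now is None else now
    expires = int(now) + ttl_seconds
    link_id = secrets.token_urlsafe(12)
    query = {"key": key, "id": link_id, "exp": expires,
             "sig": _signature(key, link_id, expires)}
    return "{}?{}".format(base_url, urlencode(query))


def revoke_link(url: str) -> None:
    """Kill one link immediately by recording its id."""
    params = parse_qs(urlparse(url).query)
    REVOKED_LINK_IDS.add(params["id"][0])


def verify_link(url: str, now: Optional[float] = None) -> Tuple[bool, str]:
    """Check signature, then expiry, then revocation. Returns (ok, key_or_reason)."""
    now = time.time() if now is None else now
    params = parse_qs(urlparse(url).query)
    try:
        key = params["key"][0]
        link_id = params["id"][0]
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, IndexError, ValueError):
        return False, "malformed"
    # Verify the signature first so an unsigned exp/key is never trusted;
    # compare_digest keeps the comparison constant-time.
    if not hmac.compare_digest(sig, _signature(key, link_id, expires)):
        return False, "bad signature"
    if now >= expires:
        return False, "expired"
    if link_id in REVOKED_LINK_IDS:
        return False, "revoked"
    return True, key


def demo() -> Dict[str, Tuple[bool, str]]:
    """Walk a constructed link through the four outcomes."""
    base = "https://files.example.invalid/download"  # hypothetical endpoint
    t0 = 1_700_000_000  # fixed clock so the run is deterministic
    url = issue_link(base, "products/123/photo.jpg", ttl_seconds=3600, now=t0)
    results = {"fresh": verify_link(url, now=t0 + 60)}
    # Holder tries to extend the expiry by a day without knowing the key.
    tampered = url.replace("exp={}".format(t0 + 3600), "exp={}".format(t0 + 86400))
    results["tampered"] = verify_link(tampered, now=t0 + 60)
    results["expired"] = verify_link(url, now=t0 + 3601)
    # The user (or a logout handler) kills the link while it is still fresh.
    revoke_link(url)
    results["revoked"] = verify_link(url, now=t0 + 60)
    return results


if __name__ == "__main__":
    for name, (ok, detail) in demo().items():
        print("{:9} ok={} {}".format(name, ok, detail))
```

Revocation only works because the download endpoint is yours: an S3 presigned URL is validated by S3 itself and stays usable until its expiry, or until the credentials that signed it are invalidated, so per-link kill switches need a redirecting or proxying endpoint like this one in front of the bucket.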

Licensed under: CC-BY-SA with attribution