Allow use of pre-signed URLs with s3 #159
The extremely long random URLs do provide a high level of security with a (probably overkill) 256 byte / 512 character / ~2000 bits of entropy secret. If there are exploitable attacks on this system, please let us know and we will address them. That said, we would definitely accept a PR adding this functionality as an option for additional control over the length of time the URL can be served. We considered it and opted not to use it by default because it meant that older messages in Slack would be very likely to have broken images that would confuse users, so it's not a good default experience. I would actually prefer the default option to be storing the images in Slack directly, but there are some API limitations preventing that from working well for this use case.
@wilg I understand your perspective, and unfortunately it sounds like there is no great solution. I also would prefer it to be an attachment, as it sidesteps these issues altogether. Unfortunately we will not be able to implement this without pre-signed URLs, as we have a policy that does not allow public S3 access for anything that is not considered public domain. If we limited it to a smaller time frame it would mitigate the concern; as you pointed out, the likelihood is not very high, but its risk is high enough (given infinite time) that it still needs additional mitigations for any confidential material. If it were in a backend language I was familiar with I would submit a PR, but learning TypeScript is pretty low on the list of languages I want to spend my time learning.
Looking at the code, it requires the images to be publicly accessible. While much of the data we have in Looker is OK to be public, there is some data that is confidential in nature. We would like to leverage AWS pre-signed URLs so it's only accessible by those who have the link and we could control how long it is public for. Realistically we only need it long enough for Slack to grab the preview, so reducing the time window of exposure could help in this regard.