Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Filenames of exported files can be guessed #336

Open
raffomania opened this issue Jan 24, 2024 · 0 comments
Open

Filenames of exported files can be guessed #336

raffomania opened this issue Jan 24, 2024 · 0 comments
Assignees
@raffomania

Comments

@raffomania
Copy link
Contributor

For exported zip files, we use names like "user_{user_id}_memos_export". This naming convention makes it easy for other users to guess filenames of exported files and download exported data they should not have any access to.

Proposal for a fix: For each export job, create a subdirectory named after the export job ID, leading to a URL like this: /temporary_files/e54a4181-6f17-4520-b505-364c687bd606/user_1_memos_export. This URL is almost impossible to guess while still giving downloaded files a nice and descriptive name.
@raffomania raffomania self-assigned this Jan 26, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@raffomania raffomania

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@raffomania