Attachment Security

I’m trying to determine the level of risk associated with using Glide for storing confidential documents (to be accessible through a Glide-based client portal). I understand that there are steps that need to be taken when building the app to ensure that users are limited to seeing their own information, such as using row owners, avoiding hidden fields, etc. I’m more concerned about the security of uploaded files as it relates to non-app users. Where can learn more about the security of attachments uploaded via Glide?

Does Glide use non-expiring public URLs for attachments, similar to the old Airtable model prior to the recently announced change? Does it use expiring links? Something different?

Thanks!

Check this out

As I understand it, files uploaded through Glide are technically public. You can share the url outside of the app and it will still be accessible. The url is not easily guessable, but I wouldn’t consider it secure in the sense that you are asking.

As for expiration, the url will remain static and persistent until the url is removed from any and all tables. At that point, they are marked for deletion within 30 days I believe.

Thanks for sharing. I’ve gone through these documents, but they don’t address the attachments issue directly.

As Jeff said, if someone knows the URL for a file, it’s accessible.

However, if the row where you have a file is owned by a user, I think in that case the file it’s not publicly accessible? @Mark ?

Thanks Jeff. Do you recall where you found this information?

I just tried uploading a document using Glide, then deleting the document from Glide Tables (by deleting the entire row containing the relevant attachment field). The url appears to remain accessible even after the row containing the file is deleted from Glide tables. In other words, anything that you upload using Glide will remain accessible via that static link forever??? even after it is deleted. I’m not sure why this would be the case. It would seem to be in Glides best interest to remove deleted files completely so that they no longer need to store them, but it may be that I don’t understand how that storage works on the back end.

This is a potential security issue that was also present with Airtable until recently. They just announced that they would be ceasing this practice to improve security and would instead make all attachment links expire on a regular basis (I believe it would be every few hours).

I realize that the url is very long and difficult to guess, but I’m not very comfortable with those document links remaining indefinitely, especially after taking steps to delete the file from Glide Tables.

My previous workaround with Airtable and Stacker was to use Box url links that expire regularly. Just prior to expiration, I would replace the Box links with a new ones using Integromat, and then update the url (also via Integromat) in Airtable.

This works great with Airtable and Stacker, but I think that it would cause a problem in terms of the number of “updates” I’m consuming in Glide. I would run out of updates very quickly.

Do you have any idea who I may be able to speak with at Glide to determine whether the url links do in fact expire? If they expire on a regular basis, then I have no concerns.

I’m only basing this on personal experience, lots of reading, and my own understanding of how glide works

Like I mentioned in my first post, the file will remain for I believe up to 30 days…maybe less. I believe glide periodically checks if the url is still active in any tables, and eventually deletes the file if it’s not found to be used anywhere. I don’t know how often that process runs or when.

I’m not sure I agree with @eltintero that urls contained in rows under row ownership are protected any more than urls in rows that are not under row ownership. While it’s true that it would be harder for someone to snoop the underlying data if they don’t own it, I would still have to assume that the file is still publicly accessible if someone knows it.

Overall, I would say that urls definitely do not expire as long as that url is contained in a table that’s used by an app anywhere within glide.

I would have to defer to someone at glide or glide support to confirm all of this.

3 Likes

The file would be accessible but the URL of the file would not. So what @Jeff_Hager has said is correct. It would be a lot harder to get the URL but if it was obtained the file would be accessible.

1 Like

I can confirm what Jeff has said.

2 Likes

Thanks George. So just to confirm:

  1. The urls do not expire, as long as they are still being used in any Glide Table. The url would stay the same, and would never update.
  2. If you delete the item from Glide Tables, Glide will eventually delete the URL.

Assuming the above is correct, can you confirm the following:

  1. Is Glide considering moving to a more secure method of regularly expiring and refreshing attachment urls?
  2. Roughly how often does Glide look at the deleted items and remove the attachments so that they are truly deleted and no longer accessible at the former url?
  3. Will Glide be impacted as a result of Airtable’s move to using expiring urls on November 8, 2022? Will it affect the ability to access these attachments through a Glide app or page?
  4. If Airtable refreshes its URLs regularly, does this mean that each time the urls are updated, it would count as an “update” in Glide. My concern here is that if I have 1,000 rows in Airtable, each with an attachment field, that I would be charged 1,000 “updates” in Glide every time Airtable refreshes those urls. If that’s the case, then Airtable may not be usable as a data source if you use it to store any attachments. It may be that I’m misunderstanding how updates vs. syncs work (this is still very unclear to me as a new user of Glide).

Thanks for the clarification. I appreciate it!

This was the announcement from Airtable for context:

On November 8, 2022, Airtable will improve the security of our attachment URLs by incorporating an expiring links functionality. Once this change takes place:

  • Any attachment URLs obtained via the public API and the CSV export functionality will expire after a few hours.
  • URLs obtained from copying an attachment cell value will open the file to the attachment viewer within the product, instead of directly opening the file.
  • The links obtained by referring to an attachment field in Formulas will not change (for backward compatibility considerations), and will therefore become invalid; the filename obtained in the same way will continue to work as expected.

Who is impacted?
Users who are storing attachment URLs anywhere directly outside of the Airtable product for persisting an attachment.

What is the reason for this change?
This change will make attachment URLs more secure to use in the Airtable product.

What do I need to do?

If you have workflows with attachment URLs that will be impacted, you can begin migrating them over to comply with the new functionality now by following the steps in this help article .

Additionally, on November 8, 2022 when secure attachment URLs launches, you’ll also have the opportunity to opt out of the migration for a 3 month period of time until we fully switch over on February 7, 2023.

@George-Glide Any plans to make a secure way of using uploaded files (including images) to glide without having the risk of loosing documents to outsiders. Further, we wouldn’t even know if the data has been compromised

See also the below:

3 Likes

Thanks for sharing Darren. I forgot about that thread. I’ve added my vote to your feature request. I’m interested in the comment from @david responding to your post that:

We will introduce an authenticated storage option, hopefully early next year.

I wonder how that’s coming along and what it would look like.

Your feature request seems to have a high level of support, especially among those that are building corporate/commercial private apps (which I understand is Glide’s target market), where security is more important than for apps that share recipes or lesson plans for example. From the responses to your post, it looks like this issue is holding a lot of people back from being able to use Glide for such purposes. I’m sure there are many others that feel the same way, and decide that Glide is not an option.

Personally, I’m exploring the idea of building internal apps and client portals for law firms using Glide (this is my own use case as well), but not having a secure solution for attachments makes that difficult. If we have to use an entirely different system to store contracts, corporate records, etc. to avoid this potential security issue, it makes it harder to justify the use of Glide altogether. The whole point is to be able to keep everything in one place for ease of access, updates and collaboration.

Your post is from last year, and it’s now “early next year” so here’s to hoping that a solution is on its way :wink:

4 Likes

No plans that I am aware of. Based on our current infrastructure of sending all data to the device, which includes the URL it would be a huge undertaking to change that behavior. If you use row owners that would make it more secure because the file URL links would only be downloaded for the row owner, but not fully secure as the URLs themselves would still be public and someone could possibly guess (or brute force write a bot to try hack them).

2 Likes

It sounds like authenticated storage is no longer in the works. That’s disappointing, but there could still be some potential workarounds available, depending on how “updates” are calculated. I’d still love to get an answer to these questions above:

It’s hard to determine whether I should build my own workaround using an outside service like Box and Make if I don’t know whether that workaround will cause a skyrocketing of updates. I also don’t want to invest the time required for such a messy workaround if an in house authenticated storage solution is on its way shortly.

I want to continue using Airtable as a data source, and to build my Glide app around that, but I don’t know how the November 8th Airtable changes will impact things I build in Glide. If I can’t say for certain whether everything will break or suddenly become ridiculously expensive, it’s pretty hard to commit to building anything. That’s frustrating for someone who badly wants to build and grow with this awesome platform.

If anyone else has any ideas for how to get around this potential security concern I’d love to hear it, especially if it avoids having users leave the Glide app or page to access a more secure link.

Disclaimer:. I don’t have any experience with AirTable.

Does airtable just record the url to the file within the table?
Do you know if the all attachment links would expire at the same time…and if so, would airtable do a bulk update on the table?

The way I understand it, yes it would probably count as an update if those links expire and re-update. But…it depends on how quickly or how often all rows are updated. Glide batches there synchronizations, so I believe if all 1000 rows were updated at the same time, then by the time that glide performs a synchronization, it would only count as one update. If each row is updated individually with a few minutes between each update, then I would have to assume that several smaller synchronizations would occur, meaning an update for each sync.

You might have to figure out how and when those expired links are updated. Once a month, once a week, once a day, or on a file by file basis. It may be once a day, meaning you would only have to worry about 30 additional updates.

2 Likes