I am working on a Property Management App (Private) and now the Client wishes to upload relevant PDF documents per line item.
I have seen that Files are stored something like this
which makes me believe that Files stored within Glide should be pretty safe.
Would appreciate some feedback, many thanks and all the best for 2024!
While the urls are almost impossible to guess, they are still public. I was able to open the link you shared with no form of authentication. So technically files in Glide storage are not protected, especially if the url becomes known and shared with those that should not have access.
There have been requests for more secure storage, but I’m not sure if that’s on the roadmap at this time.
Thanks, that link was just to illustrate how they look, but real links will not be Public and be protect by Row Owners.
@david wrote this in the other post:
The URL is public but not simple–you must know the URL, which contains a password.
It seems that this is good enough for our needs 
.
We will introduce an authenticated storage option, hopefully early next year.
That was from October 2021, time just flies 
.
Row Owners does very little in this case. It does make the URL harder to get, but the URL is still public. So anyone that has it can access the file.
But the point is still the same. If I were able to sign into your app as a user and I happened to own a row in a table that links to that image, then you are relying on me to not obtain and share that url with other people, or leave it open and exposed. If that url ever got unintentionally shared, then it’s still accessible by anybody, regardless if they use the app or not.
I understand your point that Private apps and Row Ownership will help to protect the file, but it’s still a public url. Comparing to Google Drive for example, you can share a url to a file, but still require authentication. That is not the case with Glide storage at this time.
Point taken, I will alert my client about this situation and get his understanding and permission upfront.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
