Turns out images you send as part of a DM are accessible to *anyone on the internet* if they have the URL. 😐

Which means it's not impossible that someone could begin indexing all those images, somehow. Right?

@beebs @bohemianvalley No, the filenames have a lot of entropy, which means guessing even one URL out of nothing would take thousands of years.

This is not unusual. Check images in your Discord DMs, they are also accessible to anyone who knows the URL.

關注

@Gargron @beebs

Well, bad configured S3 can still be a problem :X Just saying.

If your bucket is not configure to hide files, they'll expose them by default including an index of all.

@sheogorath @gargron One solution to this are "presigned URLs".
The general idea is that the app is authorized to ask S3 for signed URLs (which are only valid for a given object for a given amount of time).
This moves the authentication process to the app, so the app has to do the check "Was this image actually uploaded by the user that is currently logged it? Oh yes it was, let's ask S3 for a presigned URL then, which I can pass on to the user".

@Nuntius

I'm not a AWS user since their payment requirements don't fit mine :x

I'll may provide some untested code you can go for, if you want. The changes to make, according to the documentation are trivial

@sheogorath Since I want to selfhost things, I don't use AWS either, but Minio. (S3 has grown to some unofficial standard for object storage one might argue).
But yeah, if you happen come around doing that, it'll be greatly appreciated :)

@Nuntius Coming back to this after more than a month. (And yes, I had to scroll a lot!)

I thought more detailed about adding presigned URL in CodiMD. Turns out it's a bad idea. Uploads are proxied through CodiMD anyway and links persist in Notes until the not itself is deleted or changes which means presigned URL have no benefit besides expiring and this way breaking notes. So not really interesting from a CodiMD perspective. Any other thoughts on that?

@sheogorath Fair, one would need to keep updating the notes as well, which adds complexity.
For private notes with images you don't want to be seen, maybe just hope that the image object's URL is random enough to not be guessed (until there's a more viable option) 🤷‍♂️

@Nuntius @sheogorath Mastodon supports local filestorage, S3, Google Cloud. At least local filestorage definitely does not support that functionality.

Sign in to participate in the conversation
g0v.social

be excellent to each other