
Allow use of pre-signed URLs with s3

Open majormoses opened this issue 5 years ago • 2 comments

Looking at the code, it requires the images to be publicly accessible. While much of the data we have in Looker is OK to be public, there is some data that is confidential in nature. We would like to leverage AWS pre-signed URLs so it's only accessible by those who have the link, and we could control how long it is public for. Realistically we only need it long enough for Slack to grab the preview, so reducing the time window of exposure could help in this regard.

majormoses, Apr 30 '19 18:04

The extremely long random URLs do provide a high level of security with a (probably overkill) 256 byte / 512 character / ~2000 bits of entropy secret. If there are exploitable attacks on this system, please let us know and we will address them.

That said, we would definitely accept a PR adding this functionality as an option for additional control over the length of time the URL can be served. We considered it and opted not to use it by default because it meant that older messages in Slack would be very likely to have broken images that would confuse users, so it's not a good default experience.

I would actually prefer the default option to be storing the images in Slack directly, but there are some API limitations preventing that from working well for this use case.

wilg, May 01 '19 16:05

@wilg I understand your perspective, and unfortunately it sounds like there is no great solution. I also would prefer it to be an attachment, as it sidesteps these issues altogether. Unfortunately we will not be able to implement this without pre-signed URLs, as we have a policy that does not allow public S3 access for anything that is not considered public domain. If we limited it to a smaller time frame it would mitigate the concern; as you pointed out, the likelihood is not very high, but the risk is high enough (given infinite time) that it still needs additional mitigations for any confidential material. If it were in a backend language I was familiar with I would submit a PR, but learning TypeScript is pretty low on the list of languages I want to spend my time learning.

majormoses, May 01 '19 22:05
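The issue body and the last reply both ask for the same thing: an S3 pre-signed URL whose `X-Amz-Expires` is just long enough for Slack to fetch the preview, so a confidential render stops being fetchable afterwards. As an added example that is not part of lookerbot or of this thread, the TypeScript below builds such a URL by hand with Node's `crypto` module (AWS Signature Version 4, query-string style, as S3 documents it) and includes a verifier that does what S3 does on receipt: recompute the signature over the presented parameters, then apply the expiry. The point it makes is that the lifetime is covered by the HMAC, so a recipient cannot stretch it by editing the query string. The bucket, object key, region, credentials and timestamps are constructed placeholders; `EXAMPLE_CREDS`, `presignGetObject` and `verifyPresignedUrl` are names chosen for this example.

```typescript
import { createHash, createHmac, timingSafeEqual } from "crypto";

// Constructed placeholder credentials for the example; they are not real AWS keys.
// A real deployment would take them from the environment or an instance/task role.
export const EXAMPLE_CREDS = {
  accessKeyId: "AKIAEXAMPLE0000000000",
  secretAccessKey: "EXAMPLE-SECRET-not-a-real-key-0000000000",
};

// SigV4 wants RFC 3986 "unreserved" encoding; encodeURIComponent leaves !'()* alone.
// For the object path the "/" separators stay literal; for query values they become %2F.
function awsEncode(s: string, keepSlash = false): string {
  const enc = encodeURIComponent(s).replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
  return keepSlash ? enc.replace(/%2F/g, "/") : enc;
}

const sha256Hex = (s: string): string => createHash("sha256").update(s, "utf8").digest("hex");
const hmac = (key: Buffer | string, msg: string): Buffer => createHmac("sha256", key).update(msg, "utf8").digest();

// "20190430T180400Z" and "20190430" from a Date, the two timestamp forms SigV4 uses.
function amzTimestamps(when: Date): { amzDate: string; dateStamp: string } {
  const amzDate = when.toISOString().replace(/[-:]/g, "").replace(/\.\d{3}Z$/, "Z");
  return { amzDate, dateStamp: amzDate.slice(0, 8) };
}

// Query parameters sorted by name, each name and value encoded; X-Amz-Signature is never part of it.
function canonicalQueryString(query: Record<string, string>): string {
  return Object.keys(query).sort().map((k) => `${awsEncode(k)}=${awsEncode(query[k])}`).join("&");
}

// The signature covers the method, the object path, every query parameter (X-Amz-Expires included),
// the host header and the credential scope, so none of them can be altered after signing.
function computeSignature(host: string, key: string, query: Record<string, string>, secret: string,
                          dateStamp: string, region: string, amzDate: string): string {
  const canonicalRequest = ["GET", "/" + awsEncode(key, true), canonicalQueryString(query),
                            `host:${host}\n`, "host", "UNSIGNED-PAYLOAD"].join("\n");
  const scope = `${dateStamp}/${region}/s3/aws4_request`;
  const stringToSign = ["AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonicalRequest)].join("\n");
  const kSigning = hmac(hmac(hmac(hmac("AWS4" + secret, dateStamp), region), "s3"), "aws4_request");
  return hmac(kSigning, stringToSign).toString("hex");
}

export interface PresignInput { bucket: string; key: string; region: string; expiresSeconds: number; now: Date; }

// Builds the pre-signed GET URL. S3 rejects X-Amz-Expires outside 1..604800 seconds (7 days);
// for a Slack preview, pick the smallest window in which the unfurl reliably completes.
export function presignGetObject(input: PresignInput, creds = EXAMPLE_CREDS): string {
  if (!Number.isInteger(input.expiresSeconds) || input.expiresSeconds < 1 || input.expiresSeconds > 604800) {
    throw new Error("X-Amz-Expires must be an integer in 1..604800 seconds");
  }
  const host = `${input.bucket}.s3.${input.region}.amazonaws.com`;
  const { amzDate, dateStamp } = amzTimestamps(input.now);
  const query: Record<string, string> = {
    "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
    "X-Amz-Credential": `${creds.accessKeyId}/${dateStamp}/${input.region}/s3/aws4_request`,
    "X-Amz-Date": amzDate,
    "X-Amz-Expires": String(input.expiresSeconds),
    "X-Amz-SignedHeaders": "host",
  };
  const signature = computeSignature(host, input.key, query, creds.secretAccessKey, dateStamp, input.region, amzDate);
  return `https://${host}/${awsEncode(input.key, true)}?${canonicalQueryString(query)}&X-Amz-Signature=${signature}`;
}

export type VerifyResult = "valid" | "expired" | "bad-signature";

// Mirrors the receiving side: signature first (constant-time compare), then the expiry window
// measured from the signed X-Amz-Date. A tampered X-Amz-Expires fails the first check.
export function verifyPresignedUrl(url: string, secret: string, now: Date): VerifyResult {
  const m = /^https:\/\/([^/]+)\/([^?]*)\?(.*)$/.exec(url);
  if (!m) return "bad-signature";
  const host = m[1], key = decodeURIComponent(m[2]);
  const query: Record<string, string> = {};
  for (const pair of m[3].split("&")) {
    const [k, v = ""] = pair.split("=");
    query[decodeURIComponent(k)] = decodeURIComponent(v);
  }
  const { "X-Amz-Signature": presented = "", ...signed } = query;
  const [, dateStamp = "", region = ""] = (signed["X-Amz-Credential"] || "").split("/");
  const amzDate = signed["X-Amz-Date"] || "";
  const expected = computeSignature(host, key, signed, secret, dateStamp, region, amzDate);
  if (presented.length !== expected.length || !timingSafeEqual(Buffer.from(presented), Buffer.from(expected))) {
    return "bad-signature";
  }
  const issued = Date.UTC(+amzDate.slice(0, 4), +amzDate.slice(4, 6) - 1, +amzDate.slice(6, 8),
                          +amzDate.slice(9, 11), +amzDate.slice(11, 13), +amzDate.slice(13, 15));
  return now.getTime() <= issued + Number(signed["X-Amz-Expires"]) * 1000 ? "valid" : "expired";
}

// Constructed inputs: a Looker render in a private bucket, link good for five minutes.
export const EXAMPLE_INPUT: PresignInput = {
  bucket: "lookerbot-renders-example", key: "looks/42/weekly summary.png", region: "us-east-1",
  expiresSeconds: 300, now: new Date(Date.UTC(2019, 3, 30, 18, 4, 0)),
};
```

Two caveats worth keeping in mind when applying this to the bot: the URL only grants what the signing principal can do, so the credentials used for signing should be scoped to read that bucket and nothing else; and if the bot runs on temporary credentials (an instance or task role), the signed query also needs `X-Amz-Security-Token`, which this example leaves out. In both cases the URL becomes useless once `X-Amz-Expires` has elapsed, which is exactly the narrowed exposure window the thread is after, at the cost wilg describes of older Slack messages showing broken images.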