Hacker News new | past | comments | ask | show | jobs | submit login

Doesn't help how complex your URL is if legitimate users can pass it to anyone else who can then access the file without proper authorization.



Preventing legitimate users from sharing the data with malicious users is essentially what DRM is, and as we all know DRM is never perfect and rarely any good at all.

It's much more important to prevent malicious users from being able to access these files without the help of legitimate users. Which seems like an obvious thing to do, but it's what Slack has failed at here. It's impossible to tell from that one GitHub URL whether they get this right or not.


It does help. Malicious users intending to share files can do so without having a public URL.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: