Things are more secure if you share your file with a specific set of users, but that requires your counterpart to have an account with the system you’re using (eg a Google Account for Google Drive). When sharing files with an arbitrary counterparty, it’s often sufficient to generate a publicly available, unlisted/unindexed, hard to guess URL. Even better if it’s time boxed.
I’m sure there are attackers who attempt to identify and enumerate these URLs. If they’re well designed though, it should be infeasible to guess the link.
It is much harder than it would seem to keep these links secret. If one of your assets gets caught by other means, they could endanger the entire network if they use the same methodology.
The CIA thought they had a super great system, and then many of their assets got rolled up at once in a hugely embarrassing (and deadly) blunder.
Things are more secure if you share your file with a specific set of users, but that requires your counterpart to have an account with the system you’re using (eg a Google Account for Google Drive). When sharing files with an arbitrary counterparty, it’s often sufficient to generate a publicly available, unlisted/unindexed, hard to guess URL. Even better if it’s time boxed.
I’m sure there are attackers who attempt to identify and enumerate these URLs. If they’re well designed though, it should be infeasible to guess the link.