There needs to be better security around the files uploaded via a knack app. As long as you have the path to a file, anyone can access it. This should be restricted to users of a kanck app at a minimum, however we use our app for multiple clients who each have their own files. Would be nice if we could control it at that level.
2 Likes
I agree there is inherently an implied security when you log in to an app and the expectation would be that the files would follow the same rules. A rule can be created for any AWS bucket that restricts the domain or IP of the file access that may be an easy fix here.
Watching this thread with interest …
Dont think it is a simple as you think. Locking it down to IP may restrict everyone from accessing it.
True, my thought was only being able to access an uploaded file from the Knack system when you are logged in.
Isn’t all of knack built on AWS? It would be ideal for them to require the authentication token of the user on the knack app in order to control access to files. It would be even better if files can be controlled from a user perspective.
Following with interest.
I would also like this. When I realized you could just follow the URL to download a file, I had to scape an entire module of my app. It would be great to have this kind of security.