I am working on a project where I need to store files from users in a Google Cloud Storage bucket. These files are private by default but should be readable by others if my backend allows access to specific elements in my database, in which the files are mentioned among other data. My idea is to make every upload publicly readable through the public URL. This way, I can simply store the URLs in my database and don't need to worry about granting access to the file in the bucket.
For security, each file will contain a UUIDv4 token in its name/directory so that no one could access the file if the UUIDv4 token is unknown, as it couldn't be guessed anyway.
I am very unsure if this approach is OK regarding the security of files. Does anyone have any experience with something similar?
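The naming scheme described in the question, as an added example that is not part of the original post: it builds the object name and public URL and checks that the token in a stored URL really is a random version 4 UUID. The bucket name, the `<token>/<filename>` layout and all function names are assumptions made for illustration.

```python
import re
import uuid
from urllib.parse import quote, unquote, urlparse

GCS_HOST = "storage.googleapis.com"  # host used by Cloud Storage public URLs
BUCKET = "example-bucket"            # hypothetical bucket name

# A version 4 UUID fixes 4 version bits and 2 variant bits; the rest is random.
UUID4_RANDOM_BITS = 128 - 4 - 2

def new_object_name(filename: str) -> str:
    """Return '<uuid4>/<safe filename>'. uuid.uuid4() draws from the OS CSPRNG."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]   # drop any client path
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".") or "file"
    return f"{uuid.uuid4()}/{safe}"

def public_url(bucket: str, object_name: str) -> str:
    """Build the URL that would be stored in the database."""
    return f"https://{GCS_HOST}/{bucket}/{quote(object_name, safe='/')}"

def token_from_url(url: str) -> uuid.UUID:
    """Extract the token from a stored URL and require a random UUIDv4.

    Version 1 UUIDs are built from a timestamp and node id rather than random
    bits, so they are rejected: the scheme depends on the token being random.
    """
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.netloc != GCS_HOST:
        raise ValueError("not a Cloud Storage public URL")
    parts = unquote(parsed.path).lstrip("/").split("/")
    if len(parts) != 3:
        raise ValueError("expected /<bucket>/<token>/<filename>")
    token = uuid.UUID(parts[1])  # raises ValueError if malformed
    if token.version != 4 or token.variant != uuid.RFC_4122:
        raise ValueError("token is not a random UUIDv4")
    return token

if __name__ == "__main__":
    # Constructed sample input: a client-supplied name with a path prefix.
    url = public_url(BUCKET, new_object_name("../../report 2024.pdf"))
    print(url)
    print("token version:", token_from_url(url).version)
    print("random bits per token:", UUID4_RANDOM_BITS)
```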