picosam
12/04/2017, 2:57 PMFile uploads using the File API are not governed by the permissions on theDoes this mean that one should really be very protective about one’s project alias for instance? I mean, if anyone knows what my service name or ID is, they can simply upload files without any control. No? I don’t have an issue with the downloads really, since the file secrets in my opinion should only be communicated to an authenticated user unless those files are public in the first place.type. As such, everyone can upload files to your project.File
nilan
12/04/2017, 3:00 PMpicosam
12/04/2017, 3:04 PMFile
type (and so lose the File endpoint), are there other security concerns in knowing the service ID?picosam
12/04/2017, 3:09 PMnilan
12/04/2017, 3:20 PMpicosam
12/04/2017, 3:29 PM