Skip to content
Announcing the Appwrite X MongoDB partnership
Start building
Back

Storage file url

  • 0
  • Self Hosted
  • Web
View on Discord
BeT
24 Mar, 2024, 07:15

There was an image in the storage bucket that was pushed to production as a link like this https://ENDPOINT_URL/v1/storage/buckets/BUCKET_ID/files/FILE_ID/view?project=PROJECT_ID does it mean that project was compromised and in theory anybody can access to it with sdk?

TL;DR
Developers, check permissions settings in Appwrite Console for file access. File security can be enabled there as well. Ensure proper permissions are set for read access. The image URL provided does not compromise the project if permissions are set correctly.
Meldiron
24 Mar, 2024, 07:59

Hi ๐Ÿ‘‹ View, preview and download endpoints for files all respect permissions. You can open Appwrite Console and check settings of your bucket. Whoever has read permissions was possibly allowed to see the file.

If you have file security enabled, also please view details of a file in Appwrite Console and check permissions there. Those with read permissions on file could aslo possibly read the file

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more