* Attendees:
- Christopher Jimenez - Security/Product/Engineering
- He's concerned about the CDN URL being open.
- Can we add an endpoint/additional layer of clicking that link so that an attacker cannot somehow get access to the URL?
- He's open to starting with what we have and adding this in the future.
- If this security works, he wouldn't even want these files in Google Sheets.
- Ideally, they will rotate the API keys every month.
- Pre-signed URLs are the theory here.
- Analytics Extracts with encrypted API might work.

*** Question about API:
- He wanted to see if he could connect directly to Salesforce.
- The people endpoint isn't returning all the info necessary such as email, etc.

*** Lukasz's Idea:
- The link in the Looker dashboard would make a POST request
- This link passes the UID for the assignment
- Then extract from Northpass API the appropriate submission
- Lukasz decoded the Filestack URL and it said that it should become invalid after 48 hours

** Testing CDN Filestack Links:
- URL 1: "https://cdn.filestackcontent.com/security=policy:eyJleHBpcnkiOjE2OTI5MjU4NzUsImNhbGwiOlsicmVhZCIsImNvbnZlcnQiLCJzdG9yZSIsInBpY2siLCJyZW1vdmUiXX0=,signature:d3c84648f09aaa9d7feed8f2f093147fe9a6f3b173e83a7d26835f4bea54ce5d/yNKYNOxsQOii6s5SqXoN"
- URL 2: "https://cdn.filestackcontent.com/security=policy:eyJleHBpcnkiOjE2OTI5MjU4NzUsImNhbGwiOlsicmVhZCIsImNvbnZlcnQiLCJzdG9yZSIsInBpY2siLCJyZW1vdmUiXX0=,signature:d3c84648f09aaa9d7feed8f2f093147fe9a6f3b173e83a7d26835f4bea54ce5d/yNKYNOxsQOii6s5SqXoN"
- URL from incognito: "https://cdn.filestackcontent.com/security=policy:eyJleHBpcnkiOjE2OTI5MjU4NzUsImNhbGwiOlsicmVhZCIsImNvbnZlcnQiLCJzdG9yZSIsInBpY2siLCJyZW1vdmUiXX0=,signature:d3c84648f09aaa9d7feed8f2f093147fe9a6f3b173e83a7d26835f4bea54ce5d/yNKYNOxsQOii6s5SqXoN"
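
Added example (not part of the original notes): a way to repeat the decoding step mentioned under Lukasz's Idea, so the expiry and the granted calls of a signed link can be checked during review. The function name inspect_signed_url and the result keys are hypothetical; the input is URL 1 from the test list above.

```python
import base64
import json
import re
from datetime import datetime, timezone

# URL 1 from the notes; the policy and signature travel in the URL path.
URL = (
    "https://cdn.filestackcontent.com/security=policy:"
    "eyJleHBpcnkiOjE2OTI5MjU4NzUsImNhbGwiOlsicmVhZCIsImNvbnZlcnQiLCJzdG9yZSIs"
    "InBpY2siLCJyZW1vdmUiXX0=,"
    "signature:d3c84648f09aaa9d7feed8f2f093147fe9a6f3b173e83a7d26835f4bea54ce5d"
    "/yNKYNOxsQOii6s5SqXoN"
)

# Matches the "security=policy:<base64>,signature:<hex>/<handle>" path segment.
SECURITY_RE = re.compile(
    r"/security=policy:([^,/]+),signature:([0-9a-fA-F]+)/([^/?#]+)"
)


def inspect_signed_url(url, now=None):
    """Decode the policy embedded in a signed link and summarise what it grants."""
    match = SECURITY_RE.search(url)
    if match is None:
        raise ValueError("no security=policy:...,signature:... segment in URL")
    policy_b64, signature, handle = match.groups()

    # Restore any stripped base64 padding before decoding the JSON policy.
    padded = policy_b64 + "=" * (-len(policy_b64) % 4)
    policy = json.loads(base64.urlsafe_b64decode(padded))

    expiry = datetime.fromtimestamp(policy["expiry"], tz=timezone.utc)
    now = now or datetime.now(timezone.utc)
    calls = policy.get("call") or []
    return {
        "handle": handle,
        "expiry": expiry,
        "expired": now >= expiry,
        "calls": calls,
        # Anything other than "read" is more than a view-only link needs.
        "beyond_read": [c for c in calls if c != "read"],
        "signature_hex_len": len(signature),
    }


if __name__ == "__main__":
    for key, value in inspect_signed_url(URL).items():
        print(f"{key}: {value}")
```

The decoded policy is readable by anyone holding the link, so the expiry and the call list are the two fields worth checking before a link is placed in a dashboard.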