0

I would like to share a csv file to two or more separate computers/users. They would be running our software program which reads this text file. This is just initial idea for feedback please.

To make it as easy as possible for the end users, if they wish to share it I want to automatically create a copy of this text file (CSV) into a S3 bucket. The "top level bucket" would be the same for all users of program however the program would create for example six random words (could be more as required, no limit) so that the file is stored under that. This will be accessed via HTTPS link so that the words are not readable on route. By having multiple words I hope that this reduces chances of guessing the link to the file.

To share the file with other users, they would require the four random words in their program and nothing more.

The idea is to share the file without the end users needing to create a username/password and therefore remove need to have an https web server or something in front of the file share in S3. So the file would be accessed via something like s3://s3.my.domain.com/sharedfiles/1stwWord/2ndWord/3rdWord/4thWord/5thWord/6thWord/myfile.csv

It wouldn't need to be 'public' as we can set the access to that bucket for the application.

How bad or good is this?

schroeder
  • 125,553
  • 55
  • 289
  • 326
Matthew
  • 101
  • Why use words instead of random strings? – schroeder Oct 24 '22 at 14:47
  • "good or bad" needs some sort of standard to compare against. What do you want to protect from? – schroeder Oct 24 '22 at 14:48
  • good or bad in reference to how easy for someone not part of the share group to guess the link or using method to go through all options. – Matthew Oct 24 '22 at 14:51
  • So, all the other details aside, you are asking how guessable a URL is that uses 6 random words? – schroeder Oct 24 '22 at 14:52
  • yes it is a rather round about way with my question. If UUIDs were to be used I assume that makes it harder. And now I see there is a duplicate question which asked in a better way. Thanks. – Matthew Oct 24 '22 at 14:55

1 Answers1

0

If you are trying to have a unique identifier for each file and for each client, you can use UUIDv4. The use of words does not provide here any advantage.

So client A will have UUIDv4 of acded7f4-33c2-4087-80f1-b060e57fe99b and the CSV file will have a UUIDv4 of bb5f9cce-f148-405c-81e1-ef846052259a and so the file URL would like as follows:

s3://s3.my.domain.com/sharedfiles/acded7f4-33c2-4087-80f1-b060e57fe99b/bb5f9cce-f148-405c-81e1-ef846052259a.csv

This is the common method for saving files of clients in S3 (usually the UUID will be stripped from -).

Bubble Hacker
  • 3,783
  • 1
  • 11
  • 20
  • Yes that would be an alternative thanks. My aim to make it easy for these users to share the 'secret' in this case the UUID to the few that require the file. Others then can't just guess it to download in their program. There would be many groups of users sharing the different files. – Matthew Oct 24 '22 at 14:52