The Filebase team has been gearing up for the holidays and is excited to release an update to end 2019 with features that many of our customers have been patiently waiting for.
Public Buckets and ACLs
Our number one requested feature by far has been support for public buckets. However, we wanted to take our time rolling this feature out, as it has important security implications. In practice, S3 is rather simple to use, but far too often buckets are being left open to the public, exposing all types of important and sensitive data.
An important component of Filebase is our S3-Compatible API. It’s used by thousands of Filebase users and is responsible for 98% of the traffic we serve. With the S3 API, the visibility of buckets and objects is typically controlled using bucket policies and ACLs. Starting today, we have introduced ACL support for buckets. This will allow Filebase users to make buckets public.
But what about the objects? Misconfigured bucket and object ACLs are the number one cause of data leakage. Therefore, we have decided to group buckets and objects into the same access control list (ACL). A short overview:
- Buckets are always private by default.
- A bucket and its objects can be made fully public, or fully private — there is no in-between. The bucket ACL determines the ACL of its objects.
- ACLs can be controlled via the UI or S3 API (PutBucketAcl).
- If you call the S3 GetObjectAcl API, the response returned will match the response of GetBucketAcl.
Our goal here at Filebase is to create an easy-to-use object storage service, and we think the above policy strikes a great balance between security and usability. If you need a mix of private and public objects, simply create two different buckets.
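Because the bucket ACL decides the visibility of every object in it, checking GetBucketAcl for each bucket is enough to find everything that is exposed. The following is an added example, not Filebase code: it assumes a boto3-style S3 client and the standard S3 group grantee URIs, and it uses a constructed `FakeS3Client` with made-up bucket names so it runs offline.

```python
# Added example (not Filebase code): flag public buckets via GetBucketAcl.
# Assumption: public grants are reported with the standard S3 group URIs.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}


def public_permissions(acl):
    """Return the sorted permissions an ACL response grants to public groups."""
    perms = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            perms.add(grant.get("Permission", "UNKNOWN"))
    return sorted(perms)


def audit_buckets(client, expected_public=()):
    """Classify every bucket; 'unexpected' means public but not on the allowlist."""
    expected = set(expected_public)
    report = {"private": [], "public": [], "unexpected": []}
    for bucket in client.list_buckets().get("Buckets", []):
        name = bucket["Name"]
        perms = public_permissions(client.get_bucket_acl(Bucket=name))
        if not perms:
            report["private"].append(name)
        elif name in expected:
            report["public"].append((name, perms))
        else:
            report["unexpected"].append((name, perms))
    return report


class FakeS3Client:
    """Constructed stand-in for an S3 client; bucket names and IDs are made up."""
    _owner = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
              "Permission": "FULL_CONTROL"}
    _read = {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}
    _acls = {"backups": [_owner], "website-assets": [_owner, _read],
             "scratch": [_owner, _read]}

    def list_buckets(self):
        return {"Buckets": [{"Name": name} for name in self._acls]}

    def get_bucket_acl(self, Bucket):
        return {"Grants": self._acls[Bucket]}


if __name__ == "__main__":
    print(audit_buckets(FakeS3Client(), expected_public=["website-assets"]))
```

To run it against a real account, pass an S3 client configured for the service's S3-compatible endpoint in place of `FakeS3Client()`.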
The visibility of a bucket can also be changed with a simple toggle switch directly from the UI:
Private Access is the default status for all buckets. Individual object file sharing is not allowed while in this mode as authentication will be required.
When public access is enabled: Public is displayed under the Access column in the main Filebase UI Dashboard.
If you enable and then disable public access, the status reverts back to Private.
Now that buckets can be made public, it’s very easy to generate a shareable link to an object. Simply click the Share button under the Actions column and the object’s URL will be copied to your clipboard. If the bucket holding your object is public, this URL can be shared with and viewed by anyone.
We have added a new overview screen for each object that includes various bits of information. From within your bucket, simply click on the object’s name, and you will be taken to this overview page. If you’ve stored user-defined metadata along with your object using the S3 API, it will be displayed here as well.
As the year comes to an end we want to thank all of our users. Your feedback has been invaluable for helping to make Filebase better each and every release. As we move forward into 2020, be sure to look out for even more features and improvements!