Google Cloud Storage anti-theft chain?

I uploaded an image to Google Cloud Storage, but someone used the URL of the image for their website without my consent, which caused me to lose money. How can this be prohibited?

1 answer

  • answered 2020-01-14 09:04 Andrei Tigau

    As @Doug and gauillaume@ said in the comments, by default, a storage URL is accessible for anyone connected to internet who has the URL.

    If you want only entitled persons to have access to you Storage objects you can use Signed URLs.

    A signed URL is a URL that provides limited permission and time to make a request. Signed URLs contain authentication information in their query string, allowing users without credentials to perform specific actions on a resource.

    Here you can read more about how to process of generating signed URLs looks like and how to achieve it.

    There are also other security considerations for Storage buckets that may be worth reading about. For example if you do not need a 100% secure bucket you can simply choose some very difficult name for buckets and objects. That way it will be very difficult for a link to be guessed by a person which is not entitled. More strong solutions would be ACLs and different IAM roles attributions.