Mar 14, 2019 17:29:18

Security on my web app

by @zyumbik | 496 words | 80🔥 | 100💌

G̷͕̳͝l̴̨̟̏̃̆̚e̷̳͇͖͑̔b̴̞̱̦͕̼͇̔̽̀̽͒ ̸̈́̆͒̀̉ ̵̨̪̈́̒Sa̴͇͊b̵̨̅͆i̶̖͑̄r̶̩̘̊̒̕z̷̟̀͑y̴͚͉̎͘à̸̃͜ͅn̶̤̲̜͊͐ỏ̵͈͔̑v̴

Current day streak: 80🔥
Total posts: 100💌
Total words: 33262 (133 pages 📄)

Recently I've built a very simple tool — Figma Link Shortener! It allows you to turn any long Figma link (and if you haven't used Figma, they are looong) into a short shareable URL. Someone who saw it brought-up a great security-related issue! They said that by shortening links using my service, they are essentially giving these links away to me — the creator of this service, — for free. 

Before continuing on this article, I highly recommend reading User's point of view on security: part 1 and part 2.

I cannot disagree with this statement. I store all the links in the database and can access all of them if I wanted to. You have to trust me in order to use this service, just because there are no ways to make it more secure while keeping it as convenient as it is now. Nevertheless, I will share my ideas on what security measures could be taken by me or you, as a user of this service:

First, the simplest one. If you are working for a large company, you may already know what that would be: don't use the shortener at all. Especially if you are on a Figma Organization plan with extended security — using any third party services like mine is a strict no-no. 

Second, the best security measure I can protect you and me with is writing a legal document like privacy policy or terms of service. This will make sure that in any of edgy situation, the law will determine who is right and who is wrong. 

Third, encryption. You could think that it can solve all problems with security in the world, but it doesn't. If I store the encryption key on my server, it would be useless. It's like storing the key from the door in the keyhole. This idea is explained further in the articles I mentioned in the beginning.

Fourth, I can give you an ability to password-protect your links. This way, if your links will be encrypted with this password, I wouldn't be access your links: you will be the key holder. However this is useless because you would have to share both the link and the password with anyone who wants to access it. And if you forget the password — you will lose the link. Does such a short link worth it if you can just share a long one instead? I don't think so.

TL;DR

Shortener works especially well for sharing your work publicly in a blog, portfolio or social media. Also it's fine to use it for small freelance projects, where security is not a big concern. Generally speaking, if you are sharing a file with link access, security shouldn't be a concern for you. But if you are sharing a file without link access, you wouldn't need to use my service as you are not gaining any convenience from the short URL this way.

This post is sponsored by my Twitter.
contact: email - twitter - facebook