|
|
|
|
|
|
by emrox
876 days ago
|
|
|
On a user level I agree, on a technical level I disagree. Reason for disagreement is that the preview is generated once with the access rights for the user posting that link (with the permission Slacks Google Docs integration got from the posting user). For performance reason it would be quite costly to generate a preview for every viewing user since access rights could be different for every user. Also access rights can change every time, so it would be necessary to recheck permissions regularly to decide if the preview should be renewed (removed/added/changed). This also would mean users need to wait longer for the preview to generate. So every user posting a link on Slack (or any platform which generates previews with a special integration) should be aware of that fact |
|
|
If you can't do previews in a way that respects access permissions you shouldn't do them at all. This isn't a feature that is essential whereas security really is.
Moreover you really can't possibly have a security scheme that relies on every user being aware of something. Someone will either not know or will know but forget or make a mistake. Systems should be robust enough to accomodate usage by actual humans.