| > Such links are very useful in an 'it's OK to have security match the
use case' I think you give the most sensible summary. It's about "appropriate
and proportional" security for the ease of use trade-off. > the user now has a link to a photo, they could reshare but i trust
they won't intentionally do this. Time limits are something missing from most applications to create
ephemeral links. Ideally you'd want to choose from something like 1
hour, 12 hours, 24 hours, 72 hours... Just resend if they miss the
message and it expires. A good trick is to set a cron job on your VPS to clear /www/tmp/ at
midnight every other day. > The big issue here isn't the links imho. It's the security analysis
tools scanning all links a user received via email You have to consider anything sent to a recipient of Gmail, Microsoft,
Apple - any of the commercial providers - to be immediately
compromised. If sending between private domains on unencrypted email
then it's immediately compromised by your friendly local intelligence
agency. If using PGP or am E2E chat app, assume it _will_ be
compromised at the end point eventually, so use an ephemeral link. |