Cloudinary offers multiple upload methods: some are server-side signed uploads and some are client-side unsigned uploads.
For every unsigned upload, a corresponding upload preset must first be defined via the console in the upload settings.
When using unsigned uploads, one security consideration to take into account is that if the upload preset name becomes known to someone outside the internal team, it can be used with a different Cloudinary account to have assets uploaded to the original account.
Note that in any case, using the preset doesn't give anyone permission to edit, override, delete, or do any harm to your own content.
If a preset name has been compromised, the following actions can be taken to make the account safe again:
- Change the upload preset name to a new one.
- Remove any uploads which do not originally belong to the account.
- Move to signed uploads instead of unsigned ones.
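
A server-side signing routine for the "move to signed uploads" remediation, as an added example rather than code from Cloudinary or this article. It follows Cloudinary's documented signing scheme (sorted `key=value` pairs joined with `&`, API secret appended, SHA-1 hex digest); the `CLIENT_ALLOWED` policy, the function names, and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Fields sent with the upload request but never included in the signature.
UNSIGNED_KEYS = {"file", "cloud_name", "resource_type", "api_key"}
# Hypothetical policy: the only options a browser client may ask the server to sign.
CLIENT_ALLOWED = {"folder", "public_id"}


def sign_params(params, api_secret):
    """SHA-1 hex digest of sorted 'k=v' pairs joined by '&', plus the API secret."""
    signable = {k: v for k, v in params.items()
                if k not in UNSIGNED_KEYS and v not in (None, "")}
    to_sign = "&".join(f"{k}={signable[k]}" for k in sorted(signable))
    return hashlib.sha1((to_sign + api_secret).encode("utf-8")).hexdigest()


def issue_upload_signature(requested, api_key, api_secret, now=None):
    """Server side: build the signed form fields handed to the client."""
    rejected = set(requested) - CLIENT_ALLOWED
    if rejected:
        raise ValueError(f"parameters not allowed: {sorted(rejected)}")
    params = dict(requested)
    # The timestamp is set by the server, never taken from the client.
    params["timestamp"] = int(now if now is not None else time.time())
    fields = dict(params)
    fields["api_key"] = api_key
    fields["signature"] = sign_params(params, api_secret)
    return fields


def signature_matches(fields, api_secret):
    """Recompute the signature over received fields (constant-time compare)."""
    received = {k: v for k, v in fields.items() if k != "signature"}
    return hmac.compare_digest(sign_params(received, api_secret),
                               str(fields.get("signature", "")))


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    fields = issue_upload_signature({"folder": "avatars"}, "123456789012345",
                                    "constructed-secret", now=1700000000)
    tampered = dict(fields, folder="somewhere-else")
    print(fields)
    print(signature_matches(fields, "constructed-secret"),    # True
          signature_matches(tampered, "constructed-secret"))  # False
```

The API secret stays on the server; the client only ever receives the resulting `signature`, `timestamp`, and `api_key` fields, so knowing a preset name alone is no longer enough to upload.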