Cloudinary offers multiple upload methods. Some of them are server-side signed uploads and some are client-side unsigned uploads.
For every unsigned upload, a corresponding unsigned upload preset must first be defined. Upload presets can be created via the console in the upload settings or with the upload_presets method of the Admin API.
When using unsigned uploads, one security consideration is that if someone outside the internal team learns the upload preset name, they can use it, even from a different Cloudinary account, to have assets uploaded to the original account.
Note that in any case, using the preset doesn't give anyone permission to edit, override, delete, or do any harm to your own content.
If a preset name has been compromised, the following actions can be taken to make the account safe again:
- Change the upload preset name to a new one.
- Remove any uploads which do not originally belong to the account.
- Move to signed uploads instead of unsigned uploads.
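
For the last step, the sketch below shows what a server has to do for a signed upload: compute a signature over the upload parameters with the API secret and hand the browser only the signed fields. It is an added example, not code from this article or from Cloudinary's SDK; it assumes Cloudinary's documented SHA-1 signing rule (parameters sorted by name, joined with `&`, API secret appended), and the function names, folder and credentials are hypothetical placeholders.

```python
import hashlib
import time

# Fields sent with the upload request that are not part of the signed string.
UNSIGNED_FIELDS = {"file", "cloud_name", "resource_type", "api_key"}


def sign_upload_params(params, api_secret):
    """Return the hex SHA-1 signature for a set of upload parameters."""
    to_sign = {
        k: v for k, v in params.items()
        if k not in UNSIGNED_FIELDS and v not in (None, "")
    }
    # Sort by parameter name so both sides serialize the same string.
    serialized = "&".join(f"{k}={to_sign[k]}" for k in sorted(to_sign))
    return hashlib.sha1((serialized + api_secret).encode("utf-8")).hexdigest()


def build_signed_upload_fields(api_key, api_secret, folder, now=None):
    """Server-side step: build the form fields the client posts with the file.

    The API secret is used here and never included in the returned fields.
    """
    params = {
        "timestamp": int(now if now is not None else time.time()),
        "folder": folder,
    }
    fields = dict(params)
    fields["api_key"] = api_key
    fields["signature"] = sign_upload_params(params, api_secret)
    return fields


if __name__ == "__main__":
    # Constructed placeholder credentials, not real values.
    print(build_signed_upload_fields(
        "API_KEY_PLACEHOLDER", "API_SECRET_PLACEHOLDER",
        "user_uploads", now=1700000000,
    ))
```

Because the signature covers `folder` and `timestamp`, a client that changes either value no longer has a valid signature, which is the control an unsigned preset lacks.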