I configured S3 bucket as a cache to ONLYOFFICE Docs, now I receive a short live signed S3 URL to download the file from the status callback, Is there config or something you have to further secure this URL to not be publicly accessible?
We want this URL only to be downloaded from our server and not be public accessible for everyone, do you have any other config to achieve this?
Hello @leandro
Currently, the data is protected using a hashing algorithm and a JWT secret, making unauthorized access difficult. Additionally, retrieving documents is further complicated by the use of a complex document ID embedded in the URL, which is not easily discoverable.
In other words, access is only possible if you already have a direct link.
We are continuously working on enhancing our security mechanisms and we will update this thread once we have something to share.