jreadey
commented
1 year ago This is checked into master. The default config is: allow_any_bucket_read: true allow_any_bucket_write: true
for backward compatibility since I didn't want anyone to have mysterious failures with the update.
For enhanced security it would be best if the ability to read or write to an arbitrary bucket can be controlled using config settings. E.g. add to config.yml: allow_any_bucket_read: true allow_any_bucket_write: false
On AWS or Azure it's certainly possible to do the equivalent based on policy settings, but the above config will be a good default for those who inadvertently use credentials that allow read/write access to any bucket in their account.