Closed ma-ruifeng closed 6 months ago
Haven generates new image links each time a page loads. Those links contain temporary credentials which expire. The way an image could leak this way would be for someone with access to get a link, and give it to someone else immediately for the other person to use without delay. However, in this case, the person with existing access could just as easily download the image and give it to someone else.
The link you pasted currently returns an error message:
<Code>AccessDenied</Code>
<Message>Request has expired</Message>
Thanks for being security focused, and please let me know if you think there is an issue with the approach I take here!
My post:
The Pic link can be read without login
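The expiring-link behaviour described in the reply above, as an added sketch that is not Haven's code: it assumes an HMAC-signed URL carrying an `expires` parameter. The key, lifetime, paths and function names are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"  # assumption: signing key known only to the server
TTL_SECONDS = 300                 # assumption: how long each link stays valid

def _sign(path: str, expires: int) -> str:
    # The signature covers both the path and the expiry time.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_link(path: str, now: int) -> str:
    """Issued on each page load, after the viewer's login has been checked."""
    expires = now + TTL_SECONDS
    return f"{path}?" + urlencode({"expires": expires, "sig": _sign(path, expires)})

def check_link(url: str, now: int) -> str:
    """Storage-side check: no session involved, the URL is the credential."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return "AccessDenied: malformed"
    expected = _sign(parts.path, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "AccessDenied: bad signature"
    if now > expires:
        return "AccessDenied: Request has expired"
    return "OK"

def demo() -> dict:
    t0 = 1_700_000_000  # constructed timestamp
    link = make_link("/images/42.jpg", t0)
    late = t0 + TTL_SECONDS + 1
    stretched = link.replace(f"expires={t0 + TTL_SECONDS}", f"expires={t0 + 10**6}")
    return {
        "fresh_link_without_login": check_link(link, t0 + 60),
        "same_link_pasted_later": check_link(link, late),
        "expiry_edited_by_holder": check_link(stretched, late),
        "path_swapped_to_other_image": check_link(
            link.replace("/images/42.jpg", "/images/43.jpg"), t0 + 60),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A fresh link opens without a login because the signature is the credential; the exposure is bounded by the lifetime and by the signature covering both the path and the expiry.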