microsoft / BotFramework-Services

Microsoft Bot Framework Services
Creative Commons Attribution 4.0 International

Security and Privacy: Location of where the AttachmentInput.cs uploads file to #350

Closed dawwa closed 1 year ago

dawwa commented 1 year ago

Hi team, this is regarding this action in Composer: https://github.com/microsoft/botbuilder-dotnet/blob/main/libraries/Microsoft.Bot.Builder.Dialogs.Adaptive/Input/AttachmentInput.cs

We observed that the attachment is always uploaded to a remote location that is not owned by us, from checking the returned content URL, which is something like

"contentUrl": "https://webchat.botframework.com/attachments/CrlLiBoBCjTFPwD9Z1hzoU-us/0000004/0/2020-11-0519-19-07.mp4?t=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

But I could not find where to specify a custom storage since we don't expect to upload files to somewhere not owned by us for security and privacy reasons.

Would you please help us understand how the current code works and where the files are actually uploaded? Is there any way we could specify a custom storage for it?

Thanks!

dawwa commented 1 year ago

https://github.com/microsoft/botbuilder-dotnet/issues/6568

luhan2017 commented 1 year ago

@dawwa, the attachment is stored in our internal blob storage and the TTL is 24h. Does this meet your security and privacy requirements? We don't have a mechanism to use custom storage for this scenario.

luhan2017 commented 1 year ago

Confirmed with the customer; this meets their security requirements.