Security issue with shareable link
If you keep documentation internal for security reasons but still want to share your space with externals, shareable links is a good option. They are still in BETA so there will be changes I would expect. I do see a security issue with them at the moment. Especially for those having to deal with a lot of members.
It seems that when you are logged in and manage a space, the string in the URLs is the same as the shareable link you would give someone that requires no log in.
When you have a lot of readers, links get shared from the address bar, pasted and distributed without control nor knowledge that these same links would require no log in and that is a security issue.
Shareable links generated for sharing spaces should facilitate that purpose only and not be used throughout the book.
Ideally I'd like to see more control over the shareable links like:
* The ability to be able to simultaneously generate more than one links. So you are able to share different links with different groups of external people but still having some control over them.
* The ability to revoke or reinstate one.
* Be able to see a full list of all shareable links, old and new.
* Be able to edit a link when generated to something of your liking (not as important but good to have)
* Perhaps even get stats on them (not nearly as important but nice to have)
For the time being shareable links will stay off for us for security reasons.
marked this post as