Hi, I am trying to figure out uploaded file security. I have the “make file private” box ticked on upload, and the file is attached to a thing that has a security profile so that only admins can see the file. This works great to protect the file within the app, but when the file is opened, you can take the URL and load it in the browser and it will open regardless of user status. The URL to the file has AWS access keys in the URL, which allows access for anyone with the link.
Can anyone advise me how they got around this problem?
