Document file upload random uuid security
This commit is contained in:
parent
4e5897f51e
commit
63a1a581e9
|
@ -5,3 +5,4 @@
|
|||
- [Web Hooks and insecure internal web services](webhooks.md)
|
||||
- [Information exclusivity](information_exclusivity.md)
|
||||
- [Reset your root password](reset_root_password.md)
|
||||
- [User File Uploads](user_file_uploads.md)
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
# User File Uploads
|
||||
|
||||
Images attached to issues, merge requests or comments do not require authentication
|
||||
to be viewed if someone knows the direct URL. This direct URL contains a random
|
||||
32-character ID that prevents unauthorized people from guessing the URL to an
|
||||
image containing sensitive information. We don't enable authentication because
|
||||
these images need to be visible in the body of notification emails, which are
|
||||
often read from email clients that are not authenticated with GitLab, like
|
||||
Outlook, Apple Mail, or the Mail app on your mobile device.
|
||||
|
||||
Note that non-image attachments do require authentication to be viewed.
|
Loading…
Reference in New Issue