DreamObjects and unique bucket names

dreamobjects

#1

I know this is stupid but… I just created a bucket with a fairly common name. On one hand I’m thinking DO at DH is fairly new and there hasn’t been a run on “good names” like prime domain names. On the other hand I’m sort of surprised that this name wasn’t used yet.

I’m wondering if it’s a bad idea to have a bucket name that’s fairly common. Even if it’s set to private I’m wondering if it’s going to be a prime target for hacks.

For private buckets that we’ll never share, wouldn’t it be better to create buckets with long and complex names to improve security?


#2

Absolutely.


#3

Indeed! DreamObjects is still pretty fresh so a lot of “good names” are still available. As you say, those are more likely targets. Really, any public bucket can be a target so I advise you to keep it private unless you need it to be public.


#4

Coming back to this, I’m now wondering about the attack surface of a sub-domain serving as an alias to our DO space. How tough might it be for someone to find contrived-subname.mydomain.tld, an alias for foo-bucket123. And then how tough might it be for that someone to access the space once they find the name?

I guess the stock answer is “it’s all secure”, but in practical terms, I’m still not sure if we’re giving significant credit to security by obscurity.

I’m just looking for the “right” way to get regular backups of internal data, and I don’t want to do anything stupid or get any surprises with basic usage.

Thanks


#5

So long as your bucket and object permissions are all set to private, the obviousness (or otherwise) of the name is not a factor in its security.


#6

There can never be too many pieces to a difficult puzzle; relying on one is absurd.