Security/privacy concern in data_requests protocol #8

Open
CodingCellist opened this issue Nov 16, 2017 · 4 comments
@CodingCellist
Contributor

Since we are dealing with medical data, privacy is quite a high priority.
By including the full path in the URL, whoever it is sent to would be able to know what project and which file(s) from the project are referenced. This is probably unwanted since they should only be able to view the exact data referenced by the URL, and not where it came from.
But how to solve this?...

@rminami
Contributor

rminami commented Nov 17, 2017

I think just using HTTPS should solve this problem, which we should probably be requiring anyway, since it is medical data we're working with here.

@magnostherobot
Member

Using HTTPS would solve this issue for outsiders, but there may still be a problem with the person who is being given the link. The client stressed that being able to share a link with anyone so that they can view a single resource, without them necessarily being part of the project group, would be very useful. If the receiver of the link is not a member of the project group, then ideally the resource being linked is the only resource they should gain access to. Including the resource's path in this link would not only give the receiver information on the internal structure of the project, it might even let them view other files by editing the given URL.

@magnostherobot
Member

A solution I can see is the generation of a "shareable" link, like Google Docs does. Regular use of the website as a project member could use URLs reflecting the internal structure of the project, while "shareable" links contain a resource's UUID.

@magnostherobot
Member

I have created PR #46, which will introduce shareable links that keep file path and project name confidential.
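
The shareable-link idea discussed in this thread, sketched as an added example (not part of the original issue and not the code from PR #46): each link carries only a random UUID, and the server keeps the UUID-to-file mapping private, so the URL reveals no project or path and editing it does not reach sibling files. The `/share/` URL layout, the `ShareLinks` class and the sample file names are assumptions made for illustration.

```python
import uuid

# Constructed sample data: (project, path) -> file contents.
FILES = {
    ("cohort-a", "scans/patient-17.csv"): b"id,value\n17,0.42\n",
    ("cohort-a", "scans/patient-18.csv"): b"id,value\n18,0.77\n",
}


class ShareLinks:
    """Maps opaque share tokens to exactly one stored resource (hypothetical helper)."""

    def __init__(self, files):
        self._files = files
        self._tokens = {}  # token -> (project, path); never leaves the server

    def create(self, project, path):
        """Issue a link for one existing file; the link contains no path data."""
        if (project, path) not in self._files:
            raise KeyError("no such resource")
        token = str(uuid.uuid4())  # random UUID, unrelated to project or path
        self._tokens[token] = (project, path)
        return f"/share/{token}"  # assumed URL layout

    def revoke(self, url):
        """Invalidate a previously issued link."""
        self._tokens.pop(url.rsplit("/", 1)[-1], None)

    def resolve(self, url):
        """Return the bound file's bytes, or None for anything else."""
        prefix, _, token = url.rpartition("/")
        if prefix != "/share":
            return None  # extra path segments are rejected outright
        try:
            token = str(uuid.UUID(token))  # normalise; rejects non-UUID input
        except ValueError:
            return None
        key = self._tokens.get(token)
        return self._files.get(key) if key else None
```

Unknown, malformed and revoked tokens all return the same `None`, so a receiver cannot use the responses to probe for other files or learn the project's structure.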
