From c3af2e35eb83296e873d840cbcae3202ddcb3242 Mon Sep 17 00:00:00 2001 From: SmallParty Date: Mon, 16 Dec 2024 13:07:16 +0100 Subject: [PATCH] =?UTF-8?q?Update=20Articles=20=E2=80=9Chow-to-secure-your?= =?UTF-8?q?-blob-storage-container=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../articles/how-to-secure-your-blob-storage-container.en.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/newsroom/articles/how-to-secure-your-blob-storage-container.en.md b/content/newsroom/articles/how-to-secure-your-blob-storage-container.en.md index 7d092ffd..5115dff9 100644 --- a/content/newsroom/articles/how-to-secure-your-blob-storage-container.en.md +++ b/content/newsroom/articles/how-to-secure-your-blob-storage-container.en.md 
@@ -76,6 +76,8 @@ Implement least privilege access by giving users and applications only the permi - **Blob (level) Access**: The public cannot list the contents of the container, but anyone with the exact URL can access the blob. This poses a risk of exposing sensitive data if URLs are leaked or guessed. Blob Access is suitable for non-sensitive content that must be shared with external parties, such as public-facing images or documents. - **Container (level) Access**: This is the most permissive setting, allowing anyone to list all the contents of the container simply by knowing its name and the associated storage account name. Container Access is suitable for scenarios where data must be widely discoverable without authentication, such as hosting a public dataset. +If you switch from Container-level access to Blob-level access on for an existing container, don’t assume this will automatically make your containers more secure. Third-party indexers, such as GrayHatWarfare, may have already cached the URLs to your blobs in their databases, meaning they can still provide links to your data. + Needless to say, private access is the most secure option. This configuration ensures that only explicitly authorized users and services can access the data. It provides the highest level of security by enforcing strict access controls. ### 2. Disable anonymous read access
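Review bot: the added paragraph has a wording slip in "on for an existing container"; drop one preposition ("for an existing container"). The same sentence also shifts from "an existing container" to "your containers", and it would read better kept singular. Beyond wording, the paragraph stops at the warning and does not say what to do about blob URLs that a third-party indexer has already cached. Since the next paragraph recommends private access, consider closing with a sentence saying that URLs listed while the container was at Container-level access should be treated as exposed, and that the container should be set to private (or the affected blobs moved to new names) when the data is not meant to be public.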