S3存储公共读取权限带来的隐私顾虑(privacy issue with public read access for S3 storage)

[YiyangLu]

ref: https://lobehub.com/docs/self-hosting/advanced/s3

为了让openai能够从公网获取图片, 任何人都能查看存储在s3桶中的数据.
知识库功能的文件预览也依赖这个公网访问权限.
文件或图片中有敏感信息,还是很危险的.

---

In order for OpenAI to be able to access images from the public internet, anyone can view the data stored in the S3 bucket. The file preview feature of the knowledge base also relies on this public access permission. It is still very risky if the files or images contain sensitive information.

[SAnBlog]

同样存在顾虑,S3将桶只能设置为公有读,并且防盗链还不能开,官方API隐私起码能得到保证,如果使用的中转API或第三方代理商,数据安全很难得到保障

[arvinxx]

#3753