Free Support Forum - groupdocs.com

Does the embedded url for some GroupDocs document have expiration time?

I’m using Startup Basic Plan, and trying to integrate GroupDocs with our application.


Does the embedded URL (like “https://apps.groupdocs.com/document-viewer/embed/xxxxxxxxxxxxxxx?frameborder=‘0’%20width=‘800’%20height=‘600’&signature=yyyyyyyyyy”) have an expiration time?

I think the signature (“yyyyyyyy” in the above example url) has expiration time, but I couldn’t find any information about expiration time in your public document.

So please tell me about the expiration time of embedded url.

If the URL has an expiration time, please tell me the length of the time and whether I can change the length of the expiration time.

Hi,


Thank you for your interest in GroupDocs. The embed URL and the signature don’t have any expiration time. If you use our Cloud SDK, the signature is generated from your Client ID and the Private Key via the “signUrl” method from the “GroupDocsRequestSigner” class. For more info about how to embed the Viewer via the SDK you can check these examples.

Best regards.

Thank you pavelteplitsky.


I have one more question.
Can I use a signature generated for one document as a signature for another document? (I think it’s good if it cannot be used for another document.)



Hi,


Thank you for the question. As I said earlier, the signature is generated from your account data and it’s always the same, so the signature can be used for all your embed URLs.

Best regards.

Thank you, Pavel Teplitsky


And really??
I think it’s not secure.
So, if any user views the HTML (iframe) source of our application and takes a note of the signature, and then if the user knows any other GUID, the user can access the other file at any time (because the signature doesn’t have an expiration time…). It makes no sense to use the GroupDocs client ID and private key from our application.

Hi again,


I have discussed this with our Product team and here is what I have found out:

The signature is used to prevent access to other GUIDs; the signature is the same only for a specific GUID, so for different files there are different signatures.

Sorry for the confusion.

Hi, Pavel Teplitsky


Thank you for confirming about this.
And OK, I understand the feature about the Signature.

Best Regards,
Masato Setoyama

Hi Masato,


You are welcome. If you have any questions, please feel free to contact us.

Best regards.

Hi, Pavel Teplitskiy


By way of experiment,
I changed the signature of the embedded URL from a generated, correct signature to an inaccurate one (“aaaaa”), then opened Chrome’s “Secret Window” and entered the URL with the inaccurate signature (“aaaaa”), expecting to be denied access, but I could access my GroupDocs document.
Instead of using Chrome’s “Secret Window”, I tried Firefox and Safari, but the result was the same (I could access the document without a correct signature).

Is this correct behavior of your service? This is not good…

Hi,


Sorry for the delay. Yes, this is an issue and we will fix it. When the fix is released, you will be notified here.

Sorry for the inconvenience.
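
The properties discussed in this thread (a signature bound to one document GUID, an expiration time, and rejection of an incorrect signature such as “aaaaa”) can be shown with a generic HMAC-signed URL. This is an added example, not part of the thread and not GroupDocs’ signing scheme or SDK; the host, key, `expires` parameter and function names are all hypothetical.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample values; a real key would come from a secret store.
PRIVATE_KEY = b"constructed-demo-private-key"
BASE = "https://viewer.example.test/embed/"  # hypothetical host


def _mac(guid: str, expires: int) -> str:
    # Bind the MAC to the document GUID and the expiry so neither can be swapped.
    msg = f"{guid}\n{expires}".encode()
    digest = hmac.new(PRIVATE_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def sign_embed_url(guid: str, ttl_seconds: int, now: Optional[int] = None) -> str:
    expires = (int(time.time()) if now is None else now) + ttl_seconds
    query = urlencode({"expires": expires, "signature": _mac(guid, expires)})
    return f"{BASE}{guid}?{query}"


def verify_embed_url(url: str, now: Optional[int] = None) -> bool:
    """Server-side check: fail closed on any missing, stale or wrong value."""
    now = int(time.time()) if now is None else now
    parsed = urlparse(url)
    guid = parsed.path.rsplit("/", 1)[-1]
    params = parse_qs(parsed.query)
    try:
        expires = int(params["expires"][0])
        signature = params["signature"][0]
    except (KeyError, IndexError, ValueError):
        return False
    if expires < now:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    expected = _mac(guid, expires)
    return hmac.compare_digest(signature.encode(), expected.encode())
```

The check only protects a document if the server runs it on every request for the embedded content and refuses to serve when it returns `False`.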