locked
obfuscating storage account name RRS feed

  • Question

  • Is there any merit in obfuscating the azure storage account names using the max number of random chars/nums that is allowed? I know that they are still going to be publicly visible and accessible with the keys but is there any benefit in this? Admin is going to be trickier from the portal having accounts with random names naturally. Is there such a practice of "scanning" storage account names to find ones that exist or is there mechanisms to prevent that? I am aware that obfuscation does not equal security and only means to delay and not prevent but I can't see any other way to secure a storage account to a specific IP address/range presently.

    Is this something you would/wouldn't recommend to do in practice?


    Wednesday, December 31, 2014 2:20 PM

All replies

  • Hi,

    As far as I know, azure automatically generated storage account name gives us a easy way to create our resource, it is a basic functionality, however, good habits helps us to manage our resources.

    Best Regards,

    Jambor


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, January 1, 2015 7:03 AM
  • Thanks for the reply.

    Are you saying that creating storage accounts with obscure names is generally recommended?

    Friday, January 2, 2015 9:31 AM
  • Hi,

    I would suggest you create azure storage with your own name, it is a good habit, and you can find what you want easily.

    Best Regards,

    Jambor


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, January 5, 2015 1:58 AM
  • Arthur,

    Currently Microsoft Azure doesn't have any provision to let users specify range of IPs to access the storage service and all it depends on is the access keys for authentication, as long as you manage to keep those in secure way - you don't need to worry about storage names. 

    I personally think that there is no need to obfuscate storage names which might make your / admin's life more cumbersome in maintenance point of view.

    If you really need to keep your storage more restricted - you can opt for option of creating private containers and let users access it with shared access signature - read more about it here - 

    http://azure.microsoft.com/en-in/documentation/articles/storage-dotnet-shared-access-signature-part-1/

    You further might want to look at the excellent article about managing storage keys in azure -http://azure.microsoft.com/en-us/documentation/articles/storage-manage-storage-account/


    Bhushan | http://www.passionatetechie.blogspot.com | http://twitter.com/BhushanGawale

    Monday, January 5, 2015 6:55 AM