azure storage

Answers

  • User-646145796 posted

    Hi,

    If a SAS is published publicly, it can be used by anyone in the world. If we expose the SAS URL to a customer, we have 4 ways to revoke it:

    • The expiry time specified on the SAS is reached.
    • The expiry time specified on the stored access policy referenced by the SAS is reached (if a stored access policy is referenced, and if it specifies an expiry time). This can either occur because the interval elapses, or because you have modified the stored access policy to have an expiry time in the past, which is one way to revoke the SAS.
    • The stored access policy referenced by the SAS is deleted, which is another way to revoke the SAS. Note that if you recreate the stored access policy with exactly the same name, all existing SAS tokens will again be valid according to the permissions associated with that stored access policy (assuming that the expiry time on the SAS has not passed). If you are intending to revoke the SAS, be sure to use a different name if you recreate the access policy with an expiry time in the future.
    • The account key that was used to create the SAS is regenerated. Note that doing this will cause all application components using that account key to fail to authenticate until they are updated to use either the other valid account key or the newly regenerated account key.

    If you want to use SAS and don't want users to use it at any time, in your scenario I would suggest you do not set the expiration time too long.

    Best Regards

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, October 5, 2015 10:20 PM
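
Added example, not part of the original post and not Azure SDK code: a toy Python model of how a service could evaluate a presented SAS, exercising the four revocation paths listed in the answer above, including the caveat that re-creating a policy under the same name makes old tokens valid again. The `Account` class, the simplified string-to-sign, the policy name `read-v1`, the resource path and the keys are all constructed assumptions.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone

def sign(key: bytes, resource: str, expiry: str, policy_id: str) -> str:
    # Simplified string-to-sign (assumption); the real service signs more fields.
    msg = "\n".join([resource, expiry, policy_id]).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha256).digest()).decode()

class Account:
    """Toy storage account: two account keys plus named stored access policies."""
    def __init__(self):
        self.keys = {"key1": b"constructed-key-1", "key2": b"constructed-key-2"}
        self.policies = {}  # policy name -> expiry (datetime)

    def issue_sas(self, resource, key_name="key1", expiry=None, policy_id=""):
        exp = expiry.isoformat() if expiry else ""
        return {"sr": resource, "se": exp, "si": policy_id,
                "sig": sign(self.keys[key_name], resource, exp, policy_id)}

    def check(self, sas, now):
        """Return (allowed, reason) for a SAS presented at time `now`."""
        expected = [sign(k, sas["sr"], sas["se"], sas["si"]) for k in self.keys.values()]
        if not any(hmac.compare_digest(sas["sig"], e) for e in expected):
            return False, "signature invalid"  # e.g. signing key was regenerated
        if sas["se"] and now >= datetime.fromisoformat(sas["se"]):
            return False, "SAS expiry reached"
        if sas["si"]:
            if sas["si"] not in self.policies:
                return False, "stored access policy deleted"
            if now >= self.policies[sas["si"]]:
                return False, "policy expiry reached"
        return True, "ok"

def demo():
    now = datetime(2015, 10, 5, tzinfo=timezone.utc)
    acct, later = Account(), now + timedelta(days=30)
    acct.policies["read-v1"] = later
    sas = acct.issue_sas("container/report.pdf", policy_id="read-v1")
    adhoc = acct.issue_sas("container/report.pdf", expiry=now + timedelta(hours=1))
    out = [acct.check(sas, now), acct.check(adhoc, now + timedelta(hours=2))]
    acct.policies["read-v1"] = now - timedelta(days=1)    # policy expiry moved into the past
    out.append(acct.check(sas, now))
    del acct.policies["read-v1"]                          # policy deleted
    out.append(acct.check(sas, now))
    acct.policies["read-v1"] = later                      # same name re-created: old SAS valid again
    out.append(acct.check(sas, now))
    acct.keys["key1"] = b"constructed-key-1-regenerated"  # signing key regenerated
    out.append(acct.check(sas, now))
    return out
```

`demo()` returns the decision after each step in order, so the fifth entry shows why a re-created policy needs a different name when the goal is revocation.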

All replies

  • User367998143 posted

    .

    Tuesday, October 6, 2015 11:08 AM