> For Azure Blob Storage, storage accounts are scoped with an account name and container name, so this is far less of a concern.
The author probably misunderstood what "account name" is in Azure Storage's context, as it's pretty much the equivalent of S3's bucket name, and is definitely still a large concern.
A single pool of unique names for storage accounts across all customers has been a very large source of frustration, especially with the really short name limit of only 24 characters.
I hope Microsoft follows suit and introduces a unique namespace per customer as well.
ryanjshaw 12 minutes ago [-]
I recall being shocked the first time I used Azure and realizing so many resources aren’t namespaced to account level. Bizarre to me this wasn’t a v1 concern.
ChrisMarshallNY 33 minutes ago [-]
I saw “bucketsquatting,” and an entirely different image came to mind…
iknownothow 10 minutes ago [-]
I'd ask politely to refrain from such comments :)
This is not me criticising you. I totally understand the urge to say it. We're all thinking the thing you're thinking of. It takes effort not to give in to it ;)
The reason I personally would refrain from making such comments is that they have the potential to end up as the highest-ranked comment. That would be a shame. The topic of S3 bucketsquatting is rather important and very interesting.
AznHisoka 8 minutes ago [-]
He is just comment squatting :)
Hamuko 8 minutes ago [-]
>We're all thinking the thing you're thinking of.
I wasn't but I sure am now.
DonHopkins 13 minutes ago [-]
It sounds like a sensitive subject, very delicate, and of no concern to law enforcement, for private videos of an artistic nature.
I started treating long random bucket names as secrets years ago. Ever since I noticed hackers were discovering buckets online with secrets and healthcare info.
This is where IaC shines.
XorNot 4 minutes ago [-]
I just started using hashes for names. The deployment tooling knows the "real" name. The actual deployment hash registers a salt+hash of that name to produce a pseudo-random string name.
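The salt+hash naming scheme described in the comment above, as an added example (not code from the thread or from any commenter's tooling). HMAC-SHA256 stands in for the unspecified "salt+hash", and the function names, the `acme-` prefix and the sample salt are assumptions.

```python
import base64
import hashlib
import hmac
import re

S3_MAX = 63      # S3 bucket names: 3-63 characters
AZURE_MAX = 24   # Azure storage account names: the 24-character limit from the thread
S3_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
AZURE_RE = re.compile(r"^[a-z0-9]{3,24}$")


def derive_name(salt: bytes, logical_name: str, max_len: int, prefix: str = "") -> str:
    """Map a logical name to a stable, pseudo-random resource name."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 16 random bytes")
    digest = hmac.new(salt, logical_name.encode("utf-8"), hashlib.sha256).digest()
    # Lowercased base32 uses only a-z and 2-7, which both services accept.
    token = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    room = max_len - len(prefix)
    if room < 16:  # keep at least 80 bits of the digest in the name
        raise ValueError("prefix leaves too little room for the hash")
    return prefix + token[:room]


def s3_bucket_name(salt: bytes, logical_name: str, prefix: str = "") -> str:
    name = derive_name(salt, logical_name, S3_MAX, prefix)
    if not S3_RE.match(name):
        raise ValueError(f"not a valid S3 bucket name: {name!r}")
    return name


def azure_account_name(salt: bytes, logical_name: str, prefix: str = "") -> str:
    name = derive_name(salt, logical_name, AZURE_MAX, prefix)
    if not AZURE_RE.match(name):
        raise ValueError(f"not a valid storage account name: {name!r}")
    return name


if __name__ == "__main__":
    # Constructed sample salt; a real one is random and kept with the deployment secrets.
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(s3_bucket_name(salt, "prod/billing/exports", prefix="acme-"))
    print(azure_account_name(salt, "prod/billing/exports"))
```

As a reply further down the thread points out, a derived name that has been exposed can still be claimed by someone else once the bucket is deleted.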
calmworm 27 minutes ago [-]
That took a decade to resolve? Surprising, but hindsight is 20/20 I guess.
Aardwolf 21 minutes ago [-]
Why all that stuff with namespaces when they could just not allow name reuse?
CodesInChaos 9 minutes ago [-]
I'd allow re-use, but only by the original account. Not being able to re-create a bucket after deleting it would be annoying.
I think that's an important defense that AWS should implement for existing buckets, to complement account-scoped buckets.
16 minutes ago [-]
thih9 22 minutes ago [-]
> If you wish to protect your existing buckets, you’ll need to create new buckets with the namespace pattern and migrate your data to those buckets.
My pet conspiracy theory: this article was written by bucket squatters who want to claim old bucket names after AI agents read this and blindly follow.
sriramgonella 9 minutes ago [-]
[dead]
shablulman 22 minutes ago [-]
[dead]
lijok 35 minutes ago [-]
Huh? Hash your bucket names
why_only_15 25 minutes ago [-]
If your bucket name is ever exposed and you later delete it, then this doesn't help you.
Maxion 28 minutes ago [-]
I don't think that'd prevent this attack vector.
https://www.youtube.com/watch?v=KaQ-s_P5mwM