The “Default Token” in Cesium ion has read access to all assets in a given account. Is there a way to disable the default token, or limit which assets it has read access to?
There is no way to disable or change the scopes or assets for default token. However you are not required to use the default token in your applications. You can create additional tokens that are limited to specific scopes or assets and distribute those tokens instead. This is what Cesium recommends doing.
If you are concerned that someone has access to your default token you can regenerate it to prevent the old value from being used.
Thanks for your response.
We try not to use the default token in our apps, and we try to keep asset:read scopes to follow least privilege for all our additional tokens.
It is more about reducing risk of unauthorised access. If the default access key were to leak, then someone would be able to access all assets in the account.
Ideally, I would like to remove the default token - or at least be able to restrict assets to the basic ones (like Bing Maps, World Terrain, etc).
But because I am not able to do that, I will need to routinely regenerate the default token.
Thank you for sharing your concerns. I have written up an issue for our team to track this.
Typically the default access token is only available to people with access to the account (and would have access to the assets anyway).
Can you provide any more details about how you think your token maybe leaked? That could help us address any concerns, and prioritize any new features related to this.
Thanks a lot!
It is more about developers using the default key by mistake - or creating new keys which have access to all assets by default - which increases risk of leaking the key to other parties.
Generally I think it comes down to trying to follow security best practices. Ideally all keys are granted minimal permissions by default, and more access is granted only as required.
For example, if I were to create resources (eg S3 buckets) on AWS for multiple services/applications - I wouldn’t create a single set of credentials with access to everything - I would create separate credentials with minimal access to reduce blast radius of potential unauthorised access.
AWS IAM is setup to encourage this. If you create a user, you need to explicitly grant access to resources - it won’t grant access to everything by default.
Thank you for that additional information.