ShareFast

Security roadmap

Safe company sharing without losing direct links.

ShareFast should stay convenient for quick artifact sharing, while every shared file gets an explicit access policy, an expiry, and a renewal path.

Current posture

Anonymous upload remains allowed. Public file discovery is closed. Shared links now expire by default and can be extended or revoked by admins. The next safety layers are owner renewal, optional passcodes, and domain/email access controls.

Direct links

Keep one-click sharing for day-to-day work.

Passcodes

Add lightweight protection for sensitive files.

7-day expiry

Make temporary access the default, not a manual cleanup task.

Renewal requests

Let collaborators ask for renewed access after a link expires.

Domain allowlist

Limit internal files to verified @coderpush.com accounts.

Email exceptions

Permit named external collaborators without opening the link to everyone.

Phase 0

Now

Discovery and expiry

  • File listing is admin-only.
  • New links expire automatically after 7 days by default.
  • Expired and revoked links stop serving the viewer and raw HTML.
  • Admins can extend, revoke, or delete links.

Phase 1

Next

Owner renewal

  • Share URLs stay direct and easy to send.
  • Anonymous uploads remain available.
  • Expired links show a clear renewal path.
  • Owners can request or approve replacement links.

Phase 2

Protected links

Optional passcode

  • Uploaders can add a passcode when a file needs extra protection.
  • Passcodes are stored as hashes, not plain text.
  • Successful passcode entry grants temporary browser access.
  • Repeated failed attempts are rate-limited.

Phase 3

Company access

Domain and email allowlist

  • Links can be restricted to verified @coderpush.com viewers.
  • Specific external email addresses can be added when needed.
  • Direct URLs remain shareable; access checks happen after opening.
  • Admins can edit allowlists after upload.

Phase 4

Renewal

Ask for renewed access

  • Expired viewers can request renewed access.
  • The request goes to the owner or admins.
  • Approved requests extend the Drop Expiry or clear revocation.
  • Revisions keep the same URL and inherit the Access Policy.

Phase 5

Hardening

Operate safely

  • Uploaded HTML moves to an isolated artifact domain.
  • Raw and viewer routes enforce the same access policy.
  • Audit logs track uploads, views, denials, extensions, and deletes.
  • S3 lifecycle, encryption, and access logging are verified.