How to securely delete a deployed function?

Is there a way to delete a deployed function without deleting the site?

I have set up a demo to explain this case: secretive-society.netlify.app

The case: secretive-society.netlify.app should keep some top secret information secure, but accidentally deployed some of it publicly. One of their members has also shared a leaked deploy preview (https://5ffe7254416d200007d96d98--secretive-society.netlify.app/) with the public. They quickly repair it and deploy a new version. How do they stop the leaked information from being accessed?

function/hello

exports.handler = async function(event, context) {
  return {
    statusCode: 200,
    body: JSON.stringify({message: "TOP SECRET INFORMATION are kept safe and secure ? are you sure ?"})
  }
}

index.html/#script

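  // Call the function on the origin that served this page
  // (location.href would also carry the page path and a trailing slash).
  fetch(location.origin+"/.netlify/functions/hello")
  .then(function(response){
    // Return the inner promise so JSON parse errors reach .catch()
    return response.json()
    .then(function(data){
      console.log(response.status,data)
      // textContent: the message is data, not markup
      document.getElementById('log').textContent=data.message
    })
  })
  .catch(function(error){
    console.log(error)
  })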

Hiya @nikahmadz and sorry to be slow to get back to you!

The best way to handle this (really remove the data) is to delete the site (and potentially recreate it, without the sensitive data). That’s the only way, for instance, to delete a sensitive FILE that was part of your static deploy.

A stopgap could be to rename the site - you could change it to a-name-nobody-can-guess.netlify.app and we don’t redirect from the old name, so it would be unlikely that anyone would “discover” the renamed site - old URLs will 404. But, security through obscurity is not a good actual policy, so I just mention it as a likely-to-cover-your-ass convenience, not as a best practice.

1 Like
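A check that could follow either step in the reply above, as an added example that is not part of the thread or of Netlify's tooling: it lists the URLs under which the leaked function was reachable (the production name and the deploy permalink, both taken from the question) and reports which of them still answer. The function names and the injectable `fetchImpl` parameter are assumptions of this example.

```javascript
// Added example: verify that leaked Netlify URLs have stopped serving content.
// Site name, deploy ID and function path come from the thread; the helper
// names below are hypothetical and not part of any Netlify API.

// Build every URL under which a leaked path was reachable: the production
// name plus one deploy permalink (<deployId>--<site>) per leaked deploy.
function leakedUrls(site, deployIds, leakedPaths) {
  const hosts = [site, ...deployIds.map((id) => `${id}--${site}`)];
  const urls = [];
  for (const host of hosts) {
    for (const path of leakedPaths) {
      urls.push(`https://${host}.netlify.app${path}`);
    }
  }
  return urls;
}

// 404/410 means the leaked path is gone. A 2xx means something is still
// served there. Anything else (redirect, auth wall, 5xx) needs a human look.
function verdict(status) {
  if (status === 404 || status === 410) return "gone";
  if (status >= 200 && status < 300) return "still served";
  return "check manually";
}

// Request each URL once and record the outcome. fetchImpl is injectable so
// the logic can be exercised offline with a stub instead of the network.
async function audit(urls, fetchImpl = fetch) {
  const report = [];
  for (const url of urls) {
    try {
      const res = await fetchImpl(url, { redirect: "manual" });
      report.push({ url, status: res.status, verdict: verdict(res.status) });
    } catch (err) {
      // Network or DNS failure: not proof that the content is gone.
      report.push({ url, status: null, verdict: "check manually" });
    }
  }
  return report;
}
```

With the real `fetch` (Node 18+ or a browser console), run `audit(leakedUrls("secretive-society", ["5ffe7254416d200007d96d98"], ["/.netlify/functions/hello"]))` after deleting or renaming the site and confirm every entry reads "gone".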

Thanks for the reply. That really helps me decide on a development code of practice: to pay close attention to secret files.