I'm setting up a service which allows a single 3rd party to access a file over HTTPS. The only security mechanism the 3rd party supports is Basic Authentication.
To reduce complexity, I was going to host the file on S3. However, S3 does not support BA, so I would have to use Cloudfront with an Edge Lambda or API GW if I wanted to use BA - Not complicated, but adds additional moving parts.
This got me thinking: in a scenario where authorisation is binary (read or not read), what benefit is Basic Authentication over obscuring the filename using a suitably long (16-32 chars) random-like filename?
Edit: The point of the question is to question the old mantra of "security through obscurity is not security". The solution of randomising the filename could be considered at obscuring. So what is the threshold for security? Or perhaps, my proposal is not actually considered STO at all?