Is it safe to store user files with a public link but a very long ID?

Time:08-20

In our app we want users to upload files.

We need some kind of bucket storage since we do not want to store the files directly in our database. We would upload the file and link it by a link/id in the database.

Is it secure to not filter access to the files, since the link/id can be very long and is only known by people who have access to the database row/document, which is secured? Assume the bucket storage is not iterable.

CodePudding user response:

I would like to say that it's not safe at all. What if your database is compromised and the whole data is stolen by someone? You should keep the files in your bucket privately.

If you are using AWS S3, there is a feature called pre-signed URLs. You can share objects with others by creating a pre-signed URL using the object owner's security credentials to grant time-limited permission to download the objects.

The system design flow will be like this:

The authenticated user requests a stored file from the backend via the frontend -> The backend generates a pre-signed URL using the object owner's credentials -> The backend returns the URL to the frontend -> The frontend uses the URL to access the private file

Hope this helps you.
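The flow described in the answer above, as an added example that is not part of the original answer: the backend authorizes the user, mints a time-limited signed URL, and the storage side rejects expired or altered links. It uses a simplified HMAC scheme to show the principle, not the actual AWS S3 signature format; the key, host name, object key, and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample data: a signing key known only to the backend/storage
# side, and a table recording which user owns which object key.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
OWNERS = {"uploads/alice/report.pdf": "alice"}


def _sign(object_key: str, expires: int) -> str:
    # The signature binds the object key and the expiry time together,
    # so neither can be changed without invalidating the link.
    msg = f"GET\n{object_key}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_url(user: str, object_key: str, ttl: int = 300, now=None) -> str:
    """Backend step: authorize the caller, then mint a time-limited URL."""
    if OWNERS.get(object_key) != user:
        raise PermissionError("user may not read this object")
    expires = int(time.time() if now is None else now) + ttl
    query = urlencode({"expires": expires, "sig": _sign(object_key, expires)})
    # files.example.invalid is a placeholder host (assumption).
    return f"https://files.example.invalid/{object_key}?{query}"


def verify_url(url: str, now=None) -> bool:
    """Storage step: accept only an unexpired URL with a valid signature."""
    parsed = urlparse(url)
    params = parse_qs(parsed.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False
    if (time.time() if now is None else now) > expires:
        return False  # a leaked link stops working after the TTL
    expected = _sign(parsed.path.lstrip("/"), expires)
    # Constant-time comparison avoids leaking signature bytes via timing.
    return hmac.compare_digest(sig.encode(), expected.encode())
```

Unlike a permanent long-ID link, a URL copied out of a compromised database or log is only useful until its expiry, and the object itself stays private.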

CodePudding user response:

I think I will just put it behind an API and do proper custom authentication
