I'm using Google Cloud Storage for media. My website is stored elsewhere. I just want to display an image on my website without make this image public. I tried to display this image like this:
create API key for browser limited to my website (API key for http://*.example.com)
display image on this website <img src="https://www.googleapis.com/storage/v1/b/MY_BUKET/o/MY_MEDIA.jpg?key=MY_KEY" />
I can see in chrome console : ... "code": 401, "message": "Login Required" ...
I don't understand what I've missed, if I read the doc from google I'm lost: I just want to display an image with low security (but not public), not manage my media from my PHP app.
I can use google-api-php-client (my website is in PHP), but I don't know if I have something to do with this to make it work. I don't know where to start...
Thanks ! (I hope it's clear enough)
EDIT: I did not found any simple code example to render a private media in HTML using google-api-php-client; I'm lost
The "key=" parameter doesn't assign any sort of permissions. It's a less secure identifier that is used to tell Google which project should be billed for this otherwise-anonymous, incoming call. It won't get you access to objects that aren't publicly available.
The only way you could embed a non-public image into your web page would be to generate a signed URL when the HTML page is requested. See https://cloud.google.com/storage/docs/accesscontrol#Signed-URLs for instructions on generating them.
If your app is hosted on app engine then you can use the CloudStorageTools::serve() function to return the image as the result of a HTTP request and put in any access control you want.
Related
I have to build an application where users can download videos from a site but cannot share them. My first solution is to save these files in a hidden location on the users computer since one of the requirements is that the user should be able to watch the downloaded videos offline.
Please how do I go about saving a file in a location the user cannot see using php.
Thanks.
One solution is to generate token for each request for a video. That token would have its lifetime. Php script should be serving the content instead of giving direct access to resource to user. The script should check if the token is still active before serving the content.
It is up to you how to pass the token. The simplest way is to make it contained in uri.
No matter where you put your videos in your directory structure, you always send the data as a partial request. Once data is acquired by the user, it could be saved an reproduced.
There are techniques, however, to protect your video from direct download through curl, wget or other ways of download. And this is using a secure token and an expiration, passed as parameters. This way your video download window will be limited and generating the token manually would be pretty hard.
Chidiebere Onwunyirigbo, its a Great Question. One solution for your requirement is Steganography. It is the process of concealing your data (videos) behind other files (multimedia files like image, audio, video), in your case preferable would be Image Steganography. It is quite a old technology but new to many, you can get several ready tools/code for it on the internet which you can customize as per your need. From your side you have to provide the file that is already embedded inside the image for download. Only the tool coded for retrieval and rendering the hidden video can render your video. So, for this part all the users of your site have to first download this desktop application from your site for viewing the video. This will keep your videos safe on the users computer offline, because every user who takes the video will require the reverse steganography tool to be downloaded from your site. You can even embed secret info like users IP inside the Stego image along with the video and for each tool download, associate user computer's IP with the tool. If IP embedded inside Stego image matches with that of tool only then you allow to play else redirect application to get it registered. But the limitation would be that, the users will have to download your application and will be able to view videos only on your desktop application which will render the Steganographed video.
You cannot hide information on the user computer. Even if your process are running on a windows comp as SYSTEM user, a power user can take ownership of the files.
The only solution you have, are developing or using a known DRM system, for allowing only playing the video on a determined computer or another specifications (for example, if the program have the authentication token of some user).
At any case, you need to do two things for this:
- You need a custom application to play the video, if you want to check DRM.
- You need to recode / modify something on the video before download, for adding on them a code for allow only play on the destination computer or data used for authenticating DRM.
I want to be able to serve up box.com documents to users on my password protected web site. I want to to develop a little php program that will accept a box.com share link, and using the box.com api and a OAUTH 2.0 token, retrieve the file from box.com, and then send it to my users.
Is this the best way to do this? There really isn't the need for an OAuth flow, as I am accessing my own files on box.com, I just want to make sure that my users are logged in.
I also don't want to simply share my box.com files to the whole internet.
My question: Is there a way to access a document on box.com via the api using the box share link. What I mean is that the share link looks like: https:/...domain.box.com/xxxxxxxxxx
Can I someone use the xxxxxxxxx as an ID to get/files/fileid/content api call?
Is there a way to search for a document by its share link?
I want to use the share link, because non-technical people will be generating contact, and I'm concerned that they will have trouble getting the FILEID of the box.com files.
The Box documentation answers your question:
Create a shared link for a file:
https://developers.box.com/docs/#files-create-a-shared-link-for-a-file
Anyway, I'm working on a Box Php Sdk, I hope it helps you: https://github.com/adammbalogh/box-php-sdk
I am working on file sharing for objects stored on amazon S3.Now the path for the object stored on S3 is default like this https://s3.amazonaws.com/bucket_name/path_to_file/file_name.jpg/docx etc.Now I want to share these file URLs via email through my app.
Currently when I share I see the entire URL as is in the email.I want it to be sent in an encoded form so that its hard to guess the exact location of the file.
I am using PHP and I was planning to use base_64_encode/decode functions or md5 the URLs but not sure if thats the right way to go.
So,I am looking for some tool or API (by amazon ot 3rd party) that can do it for me.
I would also like to shorten the URLs while sharing.
Would like to seek advice and guidance from someone implemented something similar.
Not sure if it comes under URL-REWRITING but tagging it under it.
Thank you
You have two options to do this:
You can map your url and s3's url in your server, and give your url to user. When user make request to your url, redirect it to s3's. You can ref http://en.wikipedia.org/wiki/URL_redirection
You can call API provided by url redirect service provider, e.g. tiny.cc/api-docs
I need to know a method to upload a video to a VIMEO PRO account using a form and PHP (to get auth). Currently I can send a video directly to Vimeo, using the panel, as was to be expected. But I have some clients that want to upload your videos directly from my their control panel (created by me), outside of vimeo, and I have only a unique PRO account, and I can't share the account data.
Seems that I can do it, based on the page API https://developer.vimeo.com/apis/advanced/upload#post (Uploading via POST).
My doubts are:
Can I really do that, without pass to my clients the Vimeo PRO account data?
It's a secure method (considering that clients respect the agreement with Vimeo)?
I need to upload DIRECTLY to Vimeo, without pass to my server, because I'll have two works: one to upload to server, other to upload from server to vimeo.
Off-topic: I believe I will not have problems with Vimeo, since they are customers of one company, and the account belongs to the company, and the videos will be her responsibility.
How should work
User access my panel, with your credentials;
User access the video upload page;
Probably the server will contact Vimeo to get an uploader auth;
User will select your vimeo file and submit form;
System will receive the vimeo ID and everyone will be happy forever.
Thanks!
Edit: This feature is now supported by Vimeo's (in beta) API3. You can request access at https://vimeo.com/help/contact
The below information is still accurate in regards to the Advanced API
This feature is not reliably supported by the advanced api.
The primary issue is that with client side uploads, there is no way to tell the upload server what to do once the upload is complete. Additionally, there is no client side technique to find out whether the upload has completed
You might be able to cheat and have the user upload through an iframe, and have the primary page perform a verify chunks call every couple of seconds. I have not tried this, at the moment it is just a theory. If you attempt this hack, Vimeo would love to know more via their contact page https://vimeo.com/help/contact
The feature you are discussing is on the roadmap for the next version of the API, and an early imperfect version was available at their API Hackday. It might be a better idea to hold off a bit and wait for the official feature.
NOTE: This observation does NOT apply to server side uploads. Because the whole upload process is handled via code on the server, it is extremely easy to tell when an upload is complete.
Answering in 2016: Assuming you have already retrieved an access token from Vimeo (OAuth2) this is a good piece of code to help you create an upload form:
https://github.com/websemantics/vimeo-upload
This gives you the code for the form with a place to drag-drop your video file and calls the upload API:
If you're using WordPress, there is a plugin available that allows you to do just that
http://vimeography.com/add-ons/vimeography-upload/
Source: I made it :)
I'm building a MYSQL database driven website on a AWS EC2 instance. Users can submit their data and we will automatically create a web page for them. The webpage will display their submitted data including a photo. Upon original submission of the user's data, we store the photo in S3 using AWSSDKforPHP. When their information is approved by an administrator a webpage is created via a php script.
I've tried the method of generating a signed url. This however requires a expiration time. Is there a way around this? It also includes your access and secret key in the request. Not sure if that is the most secure way to do things. I'd like the method to be as secure as possible so I don't want to make the bucket public. Unless there is a way to make the stored images available only for viewing.
What's the best method to use in a situation like this? Thanks for your help!!
Basically URLs to amazon S3 buckets are s3.amazonaws/bucket_name/key_name all you need to do is make sure the content on those buckets is publicly available and that mime type for those keys is indeed image (image/jpeg or image/png)
I used this web tool to manage my site. I opend my bucket just to its ip and now i can control the restriction from the tool, for the basic viewer I gave read access only