Just a coder and a dad. I love my family and I love to code!!!! started coding at 11, so I have 25 years under my belt. Still love learning about it every day. Black lives matter!
It could be a option and one that we discussed. The concern is if for what ever reason someone were to gain access to that url, they could gain access to protected information. We prefer it be locked down
That's fair! With S3 (and likely other solutions) you can generate expiring URLs which might solve for part of that problem, and set up access control to restrict things to requests from your application, but that might end up being more work up front than keeping everything in-house.
Just a coder and a dad. I love my family and I love to code!!!! started coding at 11, so I have 25 years under my belt. Still love learning about it every day. Black lives matter!
We deal with PHI, so we can not have a unsecured link, even if it expired right away. So unfortunately this was not a working solutions for us. But it is a good solution for other cases. Thank you for the suggestion. We are going to end up creating a new restful service to deliver the files behind the auth.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Is external storage an option? For example, sending over an S3 URL via the server and then retrieving the file from there?
It could be a option and one that we discussed. The concern is if for what ever reason someone were to gain access to that url, they could gain access to protected information. We prefer it be locked down
That's fair! With S3 (and likely other solutions) you can generate expiring URLs which might solve for part of that problem, and set up access control to restrict things to requests from your application, but that might end up being more work up front than keeping everything in-house.
We deal with PHI, so we can not have a unsecured link, even if it expired right away. So unfortunately this was not a working solutions for us. But it is a good solution for other cases. Thank you for the suggestion. We are going to end up creating a new restful service to deliver the files behind the auth.