I'm trying to find out what is the best storage service for my specific problem.
The Application
I'm developing a mobile app with Xamarin (.NET). Each user has to register and log in to use my service. Each user can be in several Groups where he hast the permission to store files in (each file about 200kb). My Backend is a EC2 instance hosting Cassandra as my database.
The Problems
I think about using AWS S3 for storing the files.
Question #1:
Should i directly upload to S3 or should i upload to EC2, handle the permissions and then store it in S3. When using direct upload to S3, i have the advantage of much less bandwith used on my EC2 instance. For direct uploading i have to provide a Token Vending Machine, which has two modes for providing the credentials i need to interact with S3: anonymous and identity. As i read the anonymous approach is mostly user for read-only scenarios. But for the identity approach the user has to register in a browser windows, which is absolutely nothing that i want for my users.
The application initiates communication with the TVM by bringing up a
browser on the mobile device to enable the user to register a user
name and password with the TVM. The TVM derives a secret key from the
password. The TVM stores the user name and secret key for future
reference.
Is it even possible to handle the permissions i need(each user can only upload and download files to groups which he belongs to)only with assigning AWS permissions to the TVM credentials?
Question #2:
Should i maybe consider storing each file directly in cassandra, since every file is only about 200kb? Problem here is, that the same files could be accessed several times per second.
I would use S3. That way you don't have to worry about bandwidth and permissions on the file. You do have interact with the Amazon S3 and IAM Service (Their authorization service). You can do this through the API and your language of choice (Python, Ruby, Java, etc)
If you are concerned about being tied to Amazon you can potentially setup something like OpenStack Storage (compatible with the S3 API) in your own datacenter and move your data to it. The files would still be handled by your initial application since your code would be "S3 compatible"
Related
I want to create a mobile app (xamarin form, c#) that access a cloud storage to store my files like .csv and images which are read only by users.
I could then update the data/files in the storage, and make it available to all users.
I don't want my users to authenticate by using their account.
I expect that the app know how to connect and access to my account (i.e. my dropbox account or gdrive account) in background. It will be seamless to the user.
In short, I would like make my dropbox or gdrive or other clouds files, able to be seen by all users via my app
I tried dropbox and gdrive, but it seems like they use Oauth which require users to login to their account, I don't want that.
Any recommendation or some insight for me?
Thanks a lot stackoverflow
If you want to store user information in the cloud service in any way, Google Drive may be the best choice.
The following address describes all the requirements for integrating the application with Google Drive
https://developers.google.com/drive/api
In Google Drive, you will receive an API key through which your application will upload and download files, and you do not need to create an account for the application's uses or personally authentication.
To use, it is enough to be able to call a rest API
and here it is the API reference:
https://developers.google.com/drive/api/v3/reference
Is anybody knows how to share cookies between 2 windows users?
I have a Windows 10, where have 2 users: one is admin and second is operator.
Admin is logged in into the system and then goes to the web site, where setup some config. In this config we have some specific value which should be store locally in machine and operator shouldn't know nothing about it. So he is set some kookie { someKey: someValue } and then log out from Windows.
After this operator log in into Windows and open the same website and he should have access to this cookie { someKey: someValue }.
I search around we and found nothing about it. Found only solutions about save to file system, send via tokens and save MAC address with a value into DB. But this is not suitable for me. I know that share cookies and store locally isn't secure, but need to implement that feature.
Web project based on chrome browser, asp.net mvc, angularjs and ms sql for db storage. Is anybody can help me with this issue about cookies?
There is no way to do this. First, every browser has its own way to store and retrieve cookies. It is impossible to write something that will work for any platform and any version.
Second, there is security. You can't just copy some files and expect this to work. Browser developers aren't stupid to leave such a big security loophole in their software.
You are mixing Windows applications with full control over the system with a web application that only resides within the browser. You should find a better way. You could use a certificate installed on the machine to validate the user, but it seems to me there are better options, like simply logging in, etc.
Cookies are a browser component that all major browsers locate in user specific directories. if you could change it to HTML5 storage API and you could setup the storage to a folder both users have access (dunno about this). You could have client side shared data. Most probably, you could not. And certainly not using cookies.
Disclaimer: I havent used storage API
Edit: Just checked. Storage API does store the data un user specific folders, so cannot use it either.
"In practice, "client-side storage" means data is passed to the browser's storage API, which saves it on the local device in the same area as it stores other user-specific information, e.g. preferences and cache. Beyond saving data, the APIs let you retrieve data, and in some cases, perform searches and batch manipulations." Source: https://www.html5rocks.com/en/tutorials/offline/storage/
Does the C# .NET client library for the open source self hosted parse-server have support for calling Cloud Code functions? If so, how can this be done?
EDIT: I did find this http://parseplatform.github.io/docs/cloudcode/guide/ which does give an example of using the .NET library for calling a Cloud Code function, however it doesn't seem to provide any information on the client app providing authentication information so the Cloud Code function can check user permissions for a specific action. Is this possible?
Thanks!
You can access all your cloud code function from the client after you initialize Parse SDK with you appId and serverURL.
If your requirement is that only logged in users will be able to access one or more cloud functions then in your cloud code you can check the following:
if (request.user) {
// user is logged in
}
because in parse-server there is not Parse.User.current() anymore so the logged in user is being sent as part of the request.
Now in order to allow/prevent a user to read/write a specific object you need to use ACL (Access control list). When you create new ACL you can specify which users/roles can read/write this object. You can even decide if this object is public read or public write and it is any user will be able to read or write from/to this object.
You can read about ACL's and Roles in here
I have a game I've been working on that I want to do a sort of "cloud saving" with. My issue is securely uploading save files so that we don't expose our website or FTP server. Right now, I'm using FTP with a severely restricted account that has access to /saves, but it also has access to each user's save directory. Malicious destruction of save data was solved with some clever design, and it's not what I'm worried about. I am worried about someone getting ahold of the FTP account I use to login (wouldn't be too hard, because it has to be stored in code) and using it to make multiple connections and upload massive files. I don't want to place an upload restriction on the account, because all of my users have to use the same account for uploading, and I don't want legitimate users running into issues. However, this still presents an issue. Users have a WordPress username and password they use to launch the game, and the launcher validates permissions through WordPress. Ideally, when people buy the game I'd like to create a directory for them, as well as a username and password and upload limit of probably 10MB/day, but I doubt our hosting service provides this so I'm looking at alternate methods.
tl;dr How do I restrict users of my game into a specific directory with an upload limit, potentially without using FTP? I tried to do uploading with PHP before, but it's generally frowned upon when a remote PHP script tries to access files on a user's machine without any sort of FORM element. I guess it might work if I could initiate some sort of upload from the client... I'd still have to find a way to prevent malicious uploads, though.
Any ideas, anyone? This is something I'd really like to do, and to do it I need to make it secure against attacks.
Thanks!
Isn't this the kind of problem that web service created to solve? You can create a web service, integrate it with your user database, so your game would call the service to upload and download the data with authentication token from Wordpress. It won't stop anyone from DDOSing your webservice, but at least no risk for leaked password. Do note, according to this article, there's a hard limit to the uploaded data at 4MB. Of course you can simply split the file before sending them and handle the joining at the server.
I'm creating a desktop application in C# that will act as a backup program. What I want to do is allow a user to create a schedule for when a backup should happen. I created a windows service that runs in the background that will run based on this schedule.
Right now, my program will copy files that the user has selected to another local user-selected folder. However, I want to extend this to allow users to backup their files to the cloud on a scheduled basis, specifically, their Google Drive account.
I'm not sure if this is possible, though, or how to go about it. I've got code working that will upload files to a Drive account, however, that requires the user to grant permission to my program each and every time it runs. My question is, how can I accomplish this to be done automatically? Is there a way to have a user enter his login credentials once and then allow the program to access their Drive account automatically thereafter, without them having to grant permission every time?
You need to store the access token for your user somewhere and use it to request a new short term access token when you do the backup. From the Google Drive API Docs:
Google Drive applications only receive a long-lived refresh token
during the very first exchange of an authorization code. This refresh
token is used to request new access tokens after a short-lived access
token expires, and it must be stored in the application's database to
be retrieved every time the user returns to the app.
See the documentation here for setting up OAuth in your application