My website wants to reduce the amount of things users can do with the images...so for added security, we want to keep the image sources as a base64 strings instead of a supabase storage URL. Is this possible through supabase storage, do will I have to save the string in the db?
If you want to save your image as base64 you need to save it as a record in your table.
With storage you can create a complex policy and download files from storage and don't share links directly.
Related
What is the best approach for the following requirement: I have files stored in Azure Blob Storage with a Private endpoint. I need to show to the user, a table with a column containing these file URLs in the browser. When a user clicks on the link, it should either open the file in a new tab or download the file.
I could show the URLs and download files using the Power BI report when the Blob Storage has public access. But in my scenario, it's a Private endpoint. I tried appending the SAS token to the URL, and that also worked, but in this case, SAS token is visible in the browser which is not allowed in my case. So this also does not work for my scenario.
Can we achieve this using Power BI or Power Apps or any other tools/api?
Could you please suggest the steps?
Thanks
I tried in my environment and got below results:
If you need download blob through browser with private container, you need Blob URL + SAS token because it provides read and writes to access blobs.
If you are using public container, you can download with Blob URL through browser.
There is no option to call your Blob URL by hiding SAS token.
As workaround, if you need to hide the SAS token from the user and try to access the blob, you can make use of Power Automate connector here:
I have connected to my Azure blob storage with these Power Automate connectors. 1) I have first connected to my Blob URL endpoint> And created a SAS URI with this connector.
The SAS URI is created successfully by the connector, and I have saved the SAS token inside the compose variable for it to be hidden.
Later I call an HTTP trigger to trigger the SAS token and get the Image content as HTTP body in the output.
When I decode the HTTP body content> I get my Blob Image successfully.
You can convert base64 to image you can use this link:
If you want your users to access this Blob, you can further convert this b64 encoded string into Image and save the file in OneDrive, SharePoint for your users to access you can refer this link by eric-cheng.
If you want to Email your users the Blob file, that can also be done by using Outlook, Gmail, etc connectors later.
Some of the user’s images are stored in Azure BLOB which is not publicly accessible. In our scenario we upload the images (user’s images) on private blob which later needs to be shown at the client side(Angular). Moreover the user should only be able to see the images that is related to him and not the images of other users.
We can generate the list of images URLs at server side but when this is passed to client side to render, it would fail naturally being blob not being public.
Now, being all the users who would access the application are internal to the organization, I believe authorization to access the images can be achieved by AAD/SAS. However at the same time, I am fail to understand how would I ensure or apply the security that if wanted user X should not be able to read the images of user Y?
Regarding the issue, you can use the following suggestions to implement it.
Store the User information and his image information (such as the image's azure blob container name, azure blob blob name ) in the database.
When the user wants to access the image, query the database with the user information to get these image,
After getting the image information, use the sdk to create sas token then return the image's blob url with sas token to cliend. Regarding how to create sas token, please refer to here.
I have a requirement to encrypt the images while uploading on Azure Blob storage so that even the authorized person with all the access would not be able to see the content. Furthermore, these encrypted images are required to be shown on Browser using Angular/React.
One solution which I can think of is to encrypt the blob & upload to Azure Blob and when images need to be displayed at browser side then decrypt & download the images locally at server side, create the URLs pointing to local folder at server and serve the content to the browser.
However this solution has a downside, in my case a user can have more than 100 images to be displayed and downloading the images first at server and then serve it locally instead of pointing the direct URL of Blob storage, would have performance impact.
Is there any better solution of doing the same. Thanks
I am currently working on a Vue JS + Vuetify + Axios + Laravel architecture where I am making a dashboard. Currently I am working on the user profile where they can upload a picture for their avatar but also can upload their business licence (via a different uploader).
User need to be able to modify update those documents later on.
What is the best strategy to implement this requirement nicely and with proper security ?
Store the files in a private area of Laravel or a public one after renaming it with a random + user name?
Store the file as a blob in mysql directly and retrieving ?
Store the path of the file in mysql only while storing the file in a public/private folder under Laravel tree ?
For authentication I plan to use jwt and websanova.
Where you store the avatar depends on where it needs to be displayed. Will it be shown only to that user? Other logged in users? Non-authenticated users?
Regarding the user's business licence, I would store that in a folder that's not publicly accessible and access it via an API endpoint. This way you can implement the necessary security rules via your Laravel controller.
Generally speaking, I'd avoid storing files in a DB. You're bloating the size of the DB, which impacts on doing backups/restores, among other things. Having files stored on the file system also makes it easier to move to cloud storage (such as Amazon S3) at some point, if you need to scale your app.
I'm letting people post files to my S3 account and I don't know the filename that they'll be posting.
How do I get a signed URL for them ahead of time so they can download whatever file they have posted? I want to do this ahead of time because I don't want to hit my server again.
I'm using the ruby aws sdk.
You can't.
You can generate a signed URL from a file that already exists on S3. You can't generate a URL before you know what the URL will be.
While you can't distribute pre-signed URLs without knowing the key, you can use the S3 POST technique to generate a signed policy, which can then be used to upload files. This requires building a simple web form, or other tool which can create an HTTP POST request.
Ideally, you would create a separate signed policy document for each user, that way you can revoke access on an individual basis. Also, the policy allows you to constrain the maximum file size, the key prefix, file types and other things.