I got the below snippet from google. I am curious to understand and decode how image src path configured. Is the image name itself encrypted.
<div><img class="imspo_tps__hs-img imspo_tps__hs-border" src="http://t3.gstatic.com/images?q=tbn:ANd9GcSIBJRTNFd7FodMrT8uvaTG9mZhP_ViztHyuSNvtkpEpg4_YIg7Kblkq2i-1l1HXgrfev0" style="width:42px;height:42px" alt=""></div>
What Google stores in their path ask Google.
To your question "how to provide encrypted image path": There can be many ways.
When you are creating deployment image, rename folders for instance with their hashes, rename the file nameswith their hashes. These changes should of course be done also in the application code (PHP, Java, etc. depending on what you use).
Implement hashing or other name replacing on a proxy level: encrypt/hash outgoing names and decrypt ingoing. Then your application code, folder names, file names remain unchanged.
If your users need to be authenticated, then you have some sort of session. May be it is a light weight session, but still you have at least unique user token. You can use that as an additional key to encrypt outgoing and decrypt ingoing URLs.
Related
My code (view) So far everything is working well when am accessing a folder(uploads) withing the root, but i would like to access a folder located in a different location withing the same server without showing sensitive information in the url when the image loads.
<img src="<?php echo base_url('/uploads/'.$popular_car['img_path'])?>" class="card-img-top"
style="height: 150px;"></div>
There's many alternatives. Most will involve some sort of database use. This is what I do (greatly summarized)
Every file that will need to be accessed has a record on a table. The record has a primary id, a secret random token and the path to the file. The table is indexed by both the primary ID and the token.
On the URL I get something like base_url('controller/file_access/).$id.'/'.$token. Upon receiving the request, I'll check the files table, if there's a match for both parameters, I'll stream the file to the browser. This way of doing things, albeit a little bit more complicated, has two main benefits:
1.- it prevents a user to just try different numeric IDs and see what is displayed. Since IDs are numeric and autoincrementing, all you'd need to do is looping from 1 to 100000 and download all files. Adding the token and querying the table with both parameters greatly reduces the risk of someone getting a file he/she's not intended to.
2.- it obscures the real location of the file, as streaming it to the browser in this way looks (in the eyes of the browser) as being located in example.com/controller/file_access/id/token but the real or relative path to the image remains hidden and non-accessible from the web.
Using this as a base you can add a lot of logic on top of this depending on your needs. You could also have an "allowed_user" field in the table if files are private and/or user-specific so that you don't stream the file if the user is not allowed to see it (even if he has the correct ID/token combination).
This is just a rough description of what I do on a couple of sites. Take it as the theoretical foundation you can build on.
I'm studying different technologies to create an API for a multi plateform application. This application has to give the possibility to users to share a file with a friend without authentication, but the URL has to be unguessable so the file keep secret. Juste like sharing picture feature in google photos.
Spring boot is one of the most interesting framework to create a multi plateform API, but I'm wondering if it's possible to create a secret and unguessable URL.
Thank you for your time.
To answer your question : you can organize your URLs path with some random hard-to-guess part (eg https://hostname/fileshare/Zak/myVideos/295223cb464d4e4794b93a09a1c730fd) UUIDs are 128 bits data and pretty much standard.
Another way would be to add a checksum token in the queryString :
https://hostname/fileshare/Zak/myVideos/lolcat.mp4?h=187515ZEDwhere the token is generated from the url path (and possibly even the queryString) with some secure algorithm (for exemple hmac256) and have your Controller (or better, a Filter) check if the h parameter is indeed equal to the hashed path.
EDIT : further explanation :
I'm assuming you've already got (or at least intend to have) a controller capable to serve content based on a file system directory. In my previous example, I assumed something of the likes /Zak/myVideos/. Spring controllers can easily return files in this directory by their filenames, but if the filename are easy to guess (eg video.mp4), I understand that /Zak/myVideos/video1.mp4 would be vulnerable. That's why I suggested to use UUIDs.
How to use UUIDS ?
If you can rename the files in /Zak/myVideos, simply rename them by random UUIDs and it will work transparently. The drawside to this is 1) the filenames won't mean anything anymore and 2) you're maybe not able to rename those files.
You can also have a DB table referencing filenames and UUIDs, and simply have your controller call a service to retrieve the correct filename from the correct UUID. The drawside to this is that you'd need to have a DB and write some code (and slow down API calls to query the DB).
That's why I also suggested to simply use a token. The url would still be the litteral path to your file, but require an additional parameter (the token) in the queryString. A servletRequestFilter could check whether the token is valid or not (with a simple hash + check algorithm) before granting access to the controller serving the file. This way, you won't need to rename your files nor create a DB.
It appears that the ParseFile does not have an ACL, or put another way, once the URL of the ParseFile gets out in the wild, the file is available to anybody who can make a GET http request.
I hope I'm missing something in the documentation, because this does not sound like a great idea. As best as I can understand it, this means that the URL is "protected" only by the ACL of the ParseObject that holds the reference to the ParseFile.
Perhaps it's relevant to know that I'm reading/using the .NET+Xamarin bits.
I think you've summed it up best yourself:
"protected" only by the ACL of the ParseObject that holds the reference to the ParseFile
If someone does happen to know your url for that particular file then kudos to them, because they are uniquely created, just like objectId's:
.. containing the name of the file, which is the original file name prefixed with a unique identifier in order to prevent name collisions. This means you can save files with the same name, and the files will not overwrite one another...
So in other words, the last path component will always be unique:
tfss-db295fb2-8a8b-49f3-aad3-dd911142f64f-airlines.txt
Even if you re-upload a new airlines.txt document:
tfss-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-airlines.txt
To summarize ACL:
An ACL, or Access Control List can be added to any Parse.Object to restrict access to only a subset of users of your application.
So according to Parse, it's purposes are intended for the object itself, not specific parameters of that object. As of now, they do not support say, setting a specific read/write ACL on the objects 'Title' column or 'Email' column or a specific column type, the ACL's are object or User dependent.
For those that are interested in reading more about Parses ACLs can see their resource here: http://blog.parse.com/learn/engineering/parse-security-i-are-you-the-key-master/
For example, I have a field that give user to type their domain, the user can type any domain on this, but I don't valid this domain is belong that user. Of course, I can generate a random number text file for user to upload, and when I get the random number text file, if it is match, I can just treat it as a valid domain holder. But, except from this method, is that anyway to do so? Thanks.
Options I have seen:
Have user Create a Text file in document root, check for it
Send Email to contacts listed in whois (Or other ROLE type accounts (postmaster, hostmaster, etc...), with token they need to
return
Have them create an 'A' record in their DNS that is unique and you can query for.
There really isn't any other way of telling if they have control over the domain. Using whois information isn't 100% accurate as people don't update it, or their info isn't registered to them, or is hidden behind something like domains by proxy. There is no standard information in DNS, that can tell you ownership. Since google uses the DNS method and the text file method (I think), you can probably safely assume that is a good way to verify it.
Lets say I have a origin server which through the act of a redirect with particular query string params needs to provide details to a target server. However, I need to ensure those details came from my origin server only.
Also I can't sure the integrity of the target server. Or specifically, the target server might be compromised so any encryption keys might have been read by a malicious party.
I'm thinking I could sign the query string using some form of public/private keypair. The origin server uses a private key to sign the string, and the target server uses a public key to verify it came from my origin server, and the message hasn't been tampered with.
I'm far from a cryptography expert or anything, so any assumption here I've made might be wrong, please correct me if so :)
I'm basically after a (hopefully) simple way to do this in Ruby.
Probably, the easiest form of signing the query data (in your case a redirection URL) is by using an HMAC. Your origin and destination server would need to share a common key in this case - HMACs are not a form of public/private key cryptography, but rather a form of keyed hashing.
The module you're looking for is ruby-hmac, and your source and destination server would have to do something like:
require 'hmac-md5'
HMAC::MD5.new("<your shared key>").update("<your URL to check>").hexdigest
and compare on the destination side that the digest computed by the HMAC on the source side is equivalent: both sides thus do the same computation. The hexdigest of the HMAC can simply be transported by an additional query parameter from source to destination.