I don't want to have a readable endpoint like this .com///something.jpeg
so one thing I could do is use hash (I'm using bcrypt) to mask whatever needed to be mask, but my question is will it have performances issue doing encrypting on the server side as I did not save the encrypted string into my db.
Here's how I will do it.
Saving
Bcrypt user_id, blog_post and filename and save my file into storage
Retrieving
Get all the related identifier from the db, bcrypt them and use the value to go get the endpoint of the file.
Am I doing it right?
Related
Is there anyway to like encrypt the url, I have a copy of a file that is stored somewhere else (var linkoffile = url where that file is saved) , and when a user requested for that file, I will make a copy of that url in another collection in mongodb and it has an expiration time , a time duration where that file will be available for that user, after that time , the copy of that url will be removed for that user (here I used TTL Indexes of mongodb). But Im thinking that since the url of that file is exposed in the frontend or in the client side, even if you removed the url copy in the mongodb , any user that already copied the url before it expired can still access the document, so im thinking of like encrypting the url so that user will not now where that file is coming.
Is there any way to achieve this? or is there any other solution that can also achieve what im planning to do?
I am typically transferring JSON objects from JavaScript and saving them with PHP.
I then append them to a specific text file like this:
$theFile = fopen("Data/" . FQ . ".txt", "a+");
fwrite($theFile, $data.PHP_EOL);
fclose($theFile);
Can I add code to save this information as an encrypted text file?
Ideally, I want:
All the files on my server to be encrypted
A secret key that is stored on my local computer
To decipher, I would:
Transfer data from server to local computer
Use my local secret key to decipher
I want this so that if my server is compromised, all data is gibberish without the secret key (which is NOT stored on the server anywhere).
You're going to want a symmetric encryption algorithm, such as AES. It turns out that there is a decent JavaScript implementation of it as part of Forge.
https://github.com/digitalbazaar/forge#aes
You'll want to use CBC mode to encrypt the payload and send it to your server.
If you're dead set on keeping this in a text file, you'll have to base64-encode this binary data. Do this server-side. Your client code shouldn't need to know or care how your server is actually storing the data. Plus, you'll save yourself 33% bandwidth, and some client-side CPU.
As a bonus to the base64-encoding, you'll be able to line-delimit the records in your text file.
When you return the data to your client, you should decode the base64 and send them the binary encrypted data. The client will then decrypt it using the key that only it knows.
I want to save base64 (I already converted it on server side) to db. I successfully did it, but I want to return them to client side by GET request.
The problem is when I decode base64 format to File(I need to send to client side File, not base64).
The best solution I found is to use fs.writeFile function, that saves file to disk(nodejs folder). But the flow looks bad: By GET request I need to get base64 from DB,convert it to File, save File to nodejs folder, then send File to client side and then delete this File from nodejs folder.
Maybe anybody can optimize this solution without saving files to nodejs folder? Thanks :)
I know that blob is a data type for binary data as integer is a datatype for int. As they say, It's used to store files directly in database (we move our audio file into blob, and save that blob in database).
Question 1) why to store blob for audio if I can just put the audio in storage for example path /var/www/audio.mp3 and in database I store path_name /var/www/audio.mp3?
Question 2) which is better ? how netflix stores movies? just blobs or what?
Question 3) Curious if there're any cons or prons if you could just give me ideas so that I know when to use them .
Putting the blob in the database, rather than a file, allows you to grow to multiple servers with load balancing. If you put the data in files, you would have to replicate the files between the server. Most databases have built-in replication features, this isn't as easy for regular files.
Better to use external storage/cdn for serving such kind of large content.
How Netflix and our works? They upload content on external bucket i. e. S3 and write file name in db for identification. According to user file access frequency that file cache on CDN/edge location. User will get awesome experience while content server from their nearest edge location
With blob you can store all kinds of stuff.
Do you communicate with an API via SOAP or JSON and want to store it in the database? Use a blob. Want to log what a user filled into a form when it threw an exception? Store the entire post as a blob. You can save everything as is. It's handy for logging if you have different data formats. I know an API which expects some data via SOAP and some as JSON. To log the communication I use blob because the response may be in XML, JSON, a number (http code 203 for empty but accepted) or an exception as array.
I am creating user profiles (javascript webpage) that I store in a SQL database
Those profiles have a primary key ID that has auto increment feature.
When the user is creating its profile, he has to upload a file.
I'd like this file to be named id.ext, the problem is I upload the file through ajax during the creation of the profile, before the profile is saved in database as the user need to profide information about this file in order for the profile to be acceptable.
I could retried the max(id) in database and use it during my ajax upload but if 2 people are creating a profile at the same time : problem.
I've come up with other solutions :
naming the file bigrandom.ext and storing this name in database, but my boss absolutely wants id.ext
creating blank profile with an "uncomplete" flag + date at upload and run a batch each month to delete uncomplete entries in database
upload with id.ext, if the file already exist, name it id+1.ext and inform the webpage through json message in return of the POST query
As I think it's a common problem I guess there is some best practices about this, maybe even a feature from SQL I don't know.
A sequence object in the DBMS is far safer and more robust than taking your chances with MAX(id) +1. MS SQL Server has supported sequences since SQL Server 2012, and other database platforms have had them for an even longer time.
try adding a Guid field in the Table and create it when uploading the image. it will be unque always. U can save the image with this Guid as name.