Secure image URLs #169

slugger7 · 2024-01-03T07:14:02Z

Currently you can reach any image as the URLs are not authorized.

slugger7 · 2024-01-03T07:25:24Z

slugger7 · 2024-01-03T13:27:56Z

A few solutions have popped up:

Use cookie based authentication
this is probably the easiest fix to this issue but will have to rewrite the entire authentication of the application.
this might also ssolve issue Secure video URLs #170
Use signed url
requires quite a bit of work in order to create the signing and validating that the signature is still valid in the time. Also picking a time for the signature is valid for might be tricky.
Use streams to fetch the data
seems like it could work but seems super complicated to implement but might be worth looking into for transcoding video data

slugger7 · 2024-01-03T13:51:50Z

slugger7 added this to Ghost Media Jan 3, 2024

slugger7 converted this from a draft issue Jan 3, 2024

slugger7 added the enhancement New feature or request label Jan 3, 2024

slugger7 added this to the Neccessary milestone Jan 3, 2024

slugger7 moved this from Todo to In Progress in Ghost Media Jan 3, 2024

slugger7 moved this from In Progress to Todo in Ghost Media May 2, 2024

Provide feedback