I'm designing a system where users can access files stored in an external content storage service such as AWS's S3. Here's a simple diagram:
------ ------------ -----------------
| User | <=> | Web Server | <=> | Content Storage |
------ ------------ -----------------
The files are stored with a (long) unique ID. I'm concerned mainly about two things: performance and information security.
There are two options that come to mind but I'm sure it can be done in a better way (performance and security-wise):
- Give the user a url with which the file can be downloaded directly from the content storage service. Cons: the URL could be brute forced. This could be solved putting a password to the file, but I'd like to use that as a last resort.
- The web server downloads the file from content storage service and then serves it to the user. Cons: too much traffic.
Is there a way to make an HTTP redirect without exposing the file's resolved URL? Something like proxying packets?
I don't want to make this technology-specific (that's what SO is for), but just in case it adds any value, I'm using Rails a rails server behind nginx. I have full control over the web server, but I'm limited on the content storage service since I'm using S3.
Aucun commentaire:
Enregistrer un commentaire