A client of mine is having problems hosting their own document server so they are thinking about moving the their document server and application server to the cloud. The problem is, we had a application that scanned the documents into a particular folder on the document server (internal network), now with the cloud this application may need to be revised to send the documents. FTP is out. We are looking for a host service that allows us to map the folder on the server or that would enable us to upload the documents via HTTP/HTTPS. Can anyone suggest a service that I could use to accomplish this ? Please let me knows thanks!
You might want to look at a WebDAV provider. I do personal doc backup and management against my FastMail DAV storage area and it works fine. All you need is a good WebDAV client. I use a Python lib, but there are commercial and free clients for most languages.
Related
I literally have to idea how to do that, I thought of using a HTTP server.
Roblox provides their own cloud hosted database for free use via their DataStore database abstraction API. If you really wanted to, you could create your own database server hosted on something like AWS and allow only specific HTTP headers to retrieve/store information.
"Trusted" and "Privileged" server environments are frequently mentioned in the docs for Firebase, but there's no formal definition. What are they?
How do I make my server trusted or privileged?
While what "priveleged" or "trusted" server environments are is not explicitly searchable (prior to the creation of this Q&A), it can be inferred from the following excepts.
In the docs for FCM setup, is the following excerpt:
The server side of Firebase Cloud Messaging consists of two components:
The FCM backend provided by Google.
Your app server or other trusted server environment where your server logic runs, such as Cloud Functions for Firebase or other cloud environments managed by Google.
Your app server or trusted server environment sends message requests to the FCM backend, which then routes messages to client apps running on users' devices.
And in the docs for general setup:
Firebase projects support Google service accounts, which you can use to call Firebase server APIs from your app server or trusted environment. If you're developing code locally or deploying your application on-premises, you can use credentials obtained via this service account to authorize server requests.
Important to notice is that both explicitly say "app server or trusted environment" which implies the two are different things.
Further, the first excerpt (though somewhat semantically ambiguous)
that examples of trusted environments are "Cloud Functions for Firebase or other cloud environments managed by Google."
Finally,
in the second excerpt is the information "If you're developing code locally or deploying your application on-premises, you can use credentials obtained via this service account to authorize server requests"
From all of this it can be inferred that:
Trusted and Priveleged Environments are generally things internal to google and therefore intrinsically trustworthy
App servers are generally anything which has access to the right credentials
And finally, you do not need to take any steps beyond having the correct credentials to make your server a "Trusted Environment." It does not need to be a "Trusted Environment," because what that term really means is "Owned by Google."
A trusted environment is an environment where you control what code runs on it. In the context of apps built using Firebase, this sets them apart from the devices your regular app runs on as malicious users can take your app configuration data and run their own code with that.
I often explain trusted environment, as:
Your development machine, since you're usually the only one working on that.
A server (or VM, container, etc) that you control. Only you (and people you trust) should have access to the server, so shared servers are not a good fit.
Cloud Functions, since only collaborators on your Firebase project can deploy code there.
For a little project I want to send push notifications directly from the app (without a backend).
As I read from the FCM documentation while this is technically possible with a simple HTTP POST request it's discouraged because in this way I have to hard-code the server key that will become easily retrievable with a little of reverse engineering.
So I though to add my server key in the Firebase remote configuration and use that.
What do you think? Are there some contraindications?
Thank you very much.
Storing the key in Firebase Remote Config doesn't make the approach secure. After all: the app still needs to be able to access the key and thus remote config.
Any solution that uses the server key in the client-side code is susceptible to abuse.
How would you use Firebase's simple login to allow users to upload music files.
As I understand it, it doesn't make sense to even think about storing audio files in Firebase's database which is why I would like to be able to store them on an external PHP server.
So, the question revolves on whether I can use Firebase's simple login system to allow users to authenticate to an external server.
I have seen Using NodeJs with Firebase - Security ... which gives some great insight, but then how would you enable the large file upload to the external server?
The technique from the answer you linked will work for your situation too, you just need to translate it into PHP and the Firebase REST APIs. Additionally, since the REST API isn't real-time you must add some kind of task queue that it can poll.
Your program would flow something like this:
User logs in to Firebase with Simple Login
User write to only a place that they can (based on security rules). The user also writes an entry into a task queue.
Your PHP server connects with a token that allows reads of all of the user's secret places.
Your PHP server polls the firebase every once in awhile to look for new tasks. If there's a new task, it validates the user and allows that user to post data to it.
All that being said, this is going to be pretty complicated. PHP's execution model does not lend itself well to real-time systems, and
I strongly recommend you consider some other options:
You're using a cloud platform, Firebase, for your realtime stuff, so consider a cloud service for your binaries too, like filepicker.io
If you really want to host the files yourself, use something that's more real-time like node.js. It'll save you the effort of constructing that task queue.
I'm not sure if this was answered somewhere in the documentation, but looking at the pricing tells me that Firebase has to work with client connected to the Internet at all times.
I am currently developing an application with Java-backed server and with client side done in GWT (Javascript). The application is meant to be deployed for "corporate" clients - that means in intranets.
Will Firebase be operational in these circumstances?
Well, I guess I should have read into FAQ more thoroughly:
Can I run Firebase on my own servers?
Firebase is a hosted cloud service, so the general answer is “no.” Some customers have very specific needs for where their sensitive data is physically stored and managed, so we may make exceptions. Contact us for more info.