I recently purchased a new domain for the sole purpose of hosting all the static content on a separate server and delegate CPU intensive operation like thumbnail creation on a different pool. Now I would like to do some operations on images uploaded to that remote server : creating thumbnails or updating the image if we need to. Should I download the images to my server, modify them there and then upload them back to the remote server or should I try to create web-services to manipulate the images?
One of my solution was to provide an interface to upload and manipulate the images in the new domain, by leaving the old domain when it comes time to work on images, but I find it kind of awkward.
I would like to keep the new domain cookie free. How would that affect my ability to restrict any random user to use the web-services if I decide to go that way?
Well you already have a server but this seems like it would have been a good oppurtunity to use google App Engine's image API. You could upload directly (I think size limit is 1 meg) and there are functions for resize, crop, etc.
http://code.google.com/appengine/docs/python/images/overview.html
Related
Looking for some strategy here. We have a secure (subscription-based) website that points to another website for streaming video. Currently, a savvy user could potentially share the link to the streaming page thus bypassing the login. Looking for ideas on how to:
Prevent sharing the link
Cloak the link...or
Make the link from the origin page point to a dynamically-generated URL that can only be visited once.
Thanks in advance!
Unless there is a form of streaming the video from the third party to your application (by streaming I actually mean sending the video in chunks of data to your backend, assembling them back together, and serving the actual assembled video as if it was hosted directly on the same host as the web application, I have personally done this using Amazon S3 for my open-source subscription-based CMS called phpReel) I don't think you can securely do this.
If you do want to go down this route please note that it might get expensive if you have a lot of active subscriptions but if you are interested you could check out these files as they showcase how I have done it for phpReel. I am afraid though that you might need a developer for this job.
On a more optimistic note, may I ask what service do you actually use to stream your videos? For example, Vimeo with the cheapest paid plan offers an option that restricts access to your video outside a specific domain name. Meaning you can set that your videos must be streamed only on domain.com, and thus they will be accessible there and only there.
I'm using Google Storage to store profile pictures of my users. I have couple of thousands pictures.
Now the pictures are being saved in a bucket like so:
data/images/profiles/USER_ID.jpg
So the URL to an image:
https://storage.cloud.google.com/data/images/profiles/USER_ID.jpg
I don't want users being able to see someone else picture by just knowing their USER_ID, and still, It has to be the USER_ID for easier search from a developer's side.
I can't use Signed URL as my users do not have a google account, and the pictures from the storage are fetched from a Mobile Application.
Is there a way to keep the file names as they are in the storage, but simple hide the path+filename from the URL?
https://storage.cloud.google.com/fc720d5c05411b03e5e2a6692f8d7d61.jpg -> points to https://storage.cloud.google.com/data/images/profiles/USER_ID.jpg
Thank You
You have several options. Here are a few:
Have users request the URL for another user from the server, then have the server decide whether or not the user is allowed to see the image. If so, have the server (which does have a service account) generate a signed URL and pass it back to the user (or redirect to it). This way, although the user may know the user ID of another user and the URL of their image, they still can't see the image unless the server agrees that this is okay.
Use Firebase Storage to manage the images, which will still store them in GCS but will give you Firebase's auth support.
Proxy the images through your app, either an app engine app or something running in GCE or GKE. This lets you hide everything about the source of the image, including the user ID, but has the downside of requiring all of the data to pass through your service.
Reexamine your requirements. "Easier search on the developer's side" may not be as important as you think, and you need to way the benefit of that vs the cost of working around it.
Another option is Google Images API available on AppEngine. You can link your Cloud Storage objects with Google Images API and use benefits of this API - secure URLs, transform and resize images using URL parameters.
You only need to prepare servingURL for every image stored in GCS and persist this serving URL (for example in Google Datastore)
ImagesService imagesService = ImagesServiceFactory.getImagesService();
ServingUrlOptions suo = ServingUrlOptions.Builder
.withGoogleStorageFileName(gcsImageObjectPath)
.secureUrl(true);
String servingUrl = imagesService.getServingUrl(suo);
In this age of *chat applications and various messaging software, I was wondering if there is already an official protocol (RFC) that would follow the following basic flow:
Client connects to Server for a new session
Client uploads an image (or video) with metadata information (size, resolution, format) to server
Server does some work (not part of the protocol)
Server replies with REJECT then client goes to 1.
Server replies with ACCEPT then client stops and gather the result as part of the reply from the server
I have a proprietary solution now that does the basic (supports basic formats) and as we know, the devil is in the details so I wonder if some existing protocol would cover the stream format and more unhappy paths I may have missed with this simple design.
I'm not aware of any protocol that can handle file probing for you ..
ffprobe is a good open source solution to do this but requires processing power and scale.
So this step must be done on server side, after the upload. You cannot trust the client for such information.
I suggest the cloud approach. Here, we're using Amazon Cloud.
Upload your file to AWS S3. You can use multi part upload for faster upload. No need to scale anything, AWS will do it for you.
Your clients just request a signed URL from your web server. The server return the URL and an ID for this new asset. Your clients upload to AWS S3 using the URL.
Once the upload is done, your client make a call to your server again to say: "I'm done with Asset ID blah". Your server knows the asset is now uploaded and can initiate transcoding, analysis, DB updates, etc.
We do this exact scenario in our project.
For transcoding at scale we use our own open source project: https://github.com/sportarchive/CloudTranscode
This is not an easy business, especially if you want to handle videos.
If you restrict yourself to pictures, then a lot can be done on the user side. You can create several versions of the image in JS, directly in the browser for example or in the mobile app, and upload them to your server. The load is much smaller and you may not need this decoupled architecture.
If you handle videos, you need a solid backend.
Hope this help
I have to implement a video collection website for users of a specific ISP. The site will be hosted on a public web-server but all the movies will be hosted on local ISP server. The user of that ISP + general visitors can see the available movies; but only ISP's users will be able to play them.
The player on site will point to URL of a local machine (http://192.x.x.x/movies/mymovie.mov) this private class (192.x.x.x) will only be accessible to ISP user.
Question: Is it possible with PHPMotion script? or I need to do custom work.
If possible, can someone please suggest available MODs?
PHPmotion would require some modifications to be able to handle something like this. Uploading, conversion, thumbnail generation, and playback are all pretty static in PHPmotion.
Really though, rather than modding the entire upload and conversion process, if you created a quick custom form to add entries to the PHPmotion database (maybe include thumbnail upload), then tweaked the playback paths, you should be good to go on the PHPmotion side of things. This would assume that you already had your videos in a format that the player could handle (such as flv or mp4).
I have a servlet for allowing manipulations of images - zoom, etc.
What's the best way to deploy this service so that the users of the servlet keep their images confidential?
I assume this means they need to run the servlet on their own servers rather than on mine.
Is there any other way of providing this service to them?
They have to give you the image for you to transform it. You can promise that you delete it immediately afterwards, but your users will have to take your word for that.
File hosting services can maintain confidentiality by hosting only encrypted files that the service operator cannot open themselves. But you cannot manipulate an encrypted image without decrypting it first.
You can use HTTPS to make sure there are no eavesdroppers, and also make sure that you send the image to no one except the owner of the original (as far as you can tell from the login session). You should delete any files as soon as you can.
As you say, the only way to ensure that no one else gets to see the image is to run the application on the user's end.