How to prevent other users from using my Cloudinary URL in a native app?
I am in a React Native environment and store images on Firebase Storage, then use a Cloudinary URL to fetch and edit the image on the fly on the client side. How do I prevent other users from using my URL in their app?
Edited
Let me explain my current flow; it is very simple. The user uploads an image to Firebase Storage and the URL is referenced in the Firebase database. To manipulate and view the image, I get the URL from the Firebase DB, then in the React Native image component set https://res.cloudinary.com/myAppName/image/fetch/thumbnail_format/firebaseImage.jpg.
So how do I secure my Cloudinary account URL to prevent abuse by other users? I read the Cloudinary article and it says signed URL, but I don't understand how the signed URL flow works. Where should I generate the signed URL, and should I keep it in the DB?
-
Hi
Signed public URLs are a good way to control access to images if you are generating images on the fly. In the flow you describe you are generating images before making them public.
In this case, a good access control method you could use would be strict transformations.
This method would allow you to give access to specific transformations of images. So unless a transformation was approved by you on the backend, it cannot be created.
So what could be done is to approve a specific transformation, and then create the image you want and publish it.
End users won't be able to create other images unless they were already approved.
You could also further restrict access to the original image by making it private.
Makes sense?
0 -
According to my understanding, I have to generate the signed URL at the backend to keep the API secret secret, right?
How about on the client side, because I use React Native and it is JS?
0 -
Hi
Creating a signed URL is indeed done at the backend.
If I understand you correctly you want to disallow users from using your links to generate new images.
In that case, you could use strict transformations as described earlier or upload images as authenticated.
Authenticated images can't be accessed without some way of authentication. So you could generate signed delivery URLs, which would restrict access to a particular image that would be published by you.
If your use case is different please let me know, and we would be happy to take a closer look.
You could also open a request at support@cloudinary.com and we could further help.
0