Private/Authenticated Media still accessible to anyone with link

Comments

2 comments

  • Avatar
    Raya Straus

    This is possible. However, this feature is available on our Premium accounts.

    We have other security measures that can be applied. Please take a look at the following for more information- https://cloudinary.com/documentation/image_transformations?query=cooki&c_query=Control%20access%20to%20images%20%E2%80%BA%20Authenticated%20images%20%E2%80%BA%20Cookie-based%20authentication#control_access_to_images

     

    0
    Comment actions Permalink
  • Avatar
    Brandon Eddy

    Does a Premium account include the "Plus" plan? 

    As for that link, i'm not sure any of those meet my company's requirements.

    To delve into things more, here is my current situation:

    - My company has multiple clients who use the software we build (ex: site 1, site 2, site 3)

    - Each site can upload videos and images in discussions. I know there can be folders set up in the account, and then you can upload to that folder (each site would have a folder, so that's not a problem, I know how to separate images/create folders)

    - Only logged in users with an account on those sites (site 1/2/3) should be able to access the videos and images. This is a very strict rule that cannot have any workarounds, or other measures. If a user copies a link, and shares it on any other site, it should not work.

    - These images need to be available 24/7 to logged in users on those sites. Basically, if they have an account with the site, and are logged in, that image/video should ALWAYS be available to them. 

    - Users should not have to login into a cloudinary account, or enter a password to see the video. Once they are logged in and go to a discussion, they should see every image and video that is for that site.

     

    What I was kind of imagining was an api key type auth, where each site has their own api & secret key (since you can add multiple access keys), and then there'd be a way to only access those images if that api key/secret was instantiated. Again, this is just how I envisioned something like this.

    I have spent hours upon hours reading through your documentation and guides and api references, and I haven't really seen anything regarding what I need above. I could be wrong though, maybe I missed something!

    I think this is a great platform, but my company has very strict security/privacy needs that need to 100% be met with no workarounds.

    So please let me know if my requirements can be met or not, and if so, with what type of account (Pro, Advanced or Custom)!

    0
    Comment actions Permalink

Please sign in to leave a comment.