Private/Authenticated Media still accessible to anyone with link
Hello,
I have site where users sign in, and can upload videos and/or images in discussions.
I only want these Cloudinary links to be accessible to users that are signed in to my site. I don't want them to be able to say copy and paste the link and share it anywhere else.
Is this possible? Under ISO standards, we need users media to be only accessible to users on my site.
Right now I have a free account, but will be purchasing a "Plus" account in the near future.
-
This is possible. However, this feature is available on our Premium accounts.
We have other security measures that can be applied. Please take a look at the following for more information- https://cloudinary.com/documentation/image_transformations?query=cooki&c_query=Control%20access%20to%20images%20%E2%80%BA%20Authenticated%20images%20%E2%80%BA%20Cookie-based%20authentication#control_access_to_images
-
Does a Premium account include the "Plus" plan?
As for that link, i'm not sure any of those meet my company's requirements.
To delve into things more, here is my current situation:
- My company has multiple clients who use the software we build (ex: site 1, site 2, site 3)
- Each site can upload videos and images in discussions. I know there can be folders set up in the account, and then you can upload to that folder (each site would have a folder, so that's not a problem, I know how to separate images/create folders)
- Only logged in users with an account on those sites (site 1/2/3) should be able to access the videos and images. This is a very strict rule that cannot have any workarounds, or other measures. If a user copies a link, and shares it on any other site, it should not work.
- These images need to be available 24/7 to logged in users on those sites. Basically, if they have an account with the site, and are logged in, that image/video should ALWAYS be available to them.
- Users should not have to login into a cloudinary account, or enter a password to see the video. Once they are logged in and go to a discussion, they should see every image and video that is for that site.
What I was kind of imagining was an api key type auth, where each site has their own api & secret key (since you can add multiple access keys), and then there'd be a way to only access those images if that api key/secret was instantiated. Again, this is just how I envisioned something like this.
I have spent hours upon hours reading through your documentation and guides and api references, and I haven't really seen anything regarding what I need above. I could be wrong though, maybe I missed something!
I think this is a great platform, but my company has very strict security/privacy needs that need to 100% be met with no workarounds.
So please let me know if my requirements can be met or not, and if so, with what type of account (Pro, Advanced or Custom)!
Please sign in to leave a comment.
Comments
2 comments