Signed uploads - using same signature twice

Comments

3 comments

  • Avatar
    Paweł Philipczyk

    Hi Sujay,

    Securing your website from unexpected or malicious image uploads can be done in different ways depending on the site's features.

    As you mention using signed uploads is a good first step. You will also likely have to expose an endpoint within your servers and then send files to Cloudinary through it.
    That gives you complete control over when the upload to Cloudinary happens and doesn't expose the asset metadata to the client side either.

    Some ideas for security rules might be:

    • storing the files under the same public_id so that any further uploads keep overwriting the same user image,
    • keeping track of the number of uploaded images per user and limiting that,
    • keeping track of the last upload time to throttle user uploads.

    Without any kind of such rules signed uploads alone will not solve the issue automatically.

    Regarding the possibility of notifications being sent when image upload is done, you can look at Upload API notifications.

    Hope this helps, please let me know if you have any further questions.

    0
    Comment actions Permalink
  • Avatar
    Sujay Jayaram

    Hi Pawel,

    Hope you are having a great day.

    Thanks for the response which is very helpful - actually the idea regarding the public id is a really good one - thank you, I will think this through with my team.

    Very best wishes

    Sujay

    0
    Comment actions Permalink
  • Avatar
    Paweł Philipczyk

    Hi Sujay,

    I'm glad you found that helpful. Please let me know if you have any more questions or do share any good solutions you come up with here.

    Cheers!
    Paweł

    0
    Comment actions Permalink

Please sign in to leave a comment.