
Ask HN: Best practices to keep user media private from devs? - kohanz
For a web or mobile app where users upload their own media, not for public consumption (think Shutterfly, for example) are there best practices to implement to ensure that the people working on that site (i.e. devs, dev-ops etc.), in production,  don&#x27;t get to see the user&#x27;s media unless they absolutely have to or is it just kind of accepted that those workers get to see your stuff?<p>I don&#x27;t have experience in this area and would like to hear from those who do. I&#x27;m especially interested in photo and video content.
======
nmgsd
One option is to store the files in Amazon S3 and only serve them over
cloudfront signed URLs. There's ways to lock down the S3 access so that only a
few Very Important tech leadership folks can get to it.

