Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Best practices to keep user media private from devs?
3 points by kohanz on Nov 17, 2016 | hide | past | favorite | 1 comment
For a web or mobile app where users upload their own media, not for public consumption (think Shutterfly, for example) are there best practices to implement to ensure that the people working on that site (i.e. devs, dev-ops etc.), in production, don't get to see the user's media unless they absolutely have to or is it just kind of accepted that those workers get to see your stuff?

I don't have experience in this area and would like to hear from those who do. I'm especially interested in photo and video content.




One option is to store the files in Amazon S3 and only serve them over cloudfront signed URLs. There's ways to lock down the S3 access so that only a few Very Important tech leadership folks can get to it.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: