file storage: how to make the files private and secure
Hi, accessing the file via the URL is public as long as you have the link. How do I make them readable only from my app, with a user authentication check based on my URL? Also, is there any way to make them encrypted so only the user that uploaded them can read them? Is it even possible, and how would I implement it?
7 Replies
1. Instead of using `ctx.storage.getUrl`, you can define an HTTP action that checks auth and then only returns the file (via `ctx.storage.get`) if the user is authed.
2. Who do you want to prevent from reading the file? To prevent absolutely everyone, you can do end-to-end encryption like https://whisper-convex.vercel.app/, but that requires a secret that is stored locally. Most apps store the file directly (it's encrypted when stored, but the server has keys to decrypt it) and then only serve it to authorized users.
Serving Files | Convex Developer Hub
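The auth-checked HTTP action from point 1, as an added example that is not code from this thread or from Convex itself. It assumes Node 18+ for the global `Request`/`Response`/`Blob`, a `storageId` query parameter, and a hypothetical `ownerOf` lookup (in a real app, a query over a "files" table recording who uploaded each file); the `FileCtx` interface and `fakeCtx` are stand-ins so it runs offline, where a deployment would wrap `serveOwnedFile` with `httpAction` from `./_generated/server` and register it in `convex/http.ts`.

```typescript
// Added example, not code from the thread or from Convex itself. Minimal shape
// of the Convex HTTP-action context this handler needs (assumption); in a real
// app you would wrap the handler with `httpAction` from ./_generated/server
// and register it in convex/http.ts instead of declaring these types.
export interface FileCtx {
  auth: { getUserIdentity(): Promise<{ subject: string } | null> };
  storage: { get(storageId: string): Promise<Blob | null> };
  // Hypothetical owner lookup; in Convex this would be a query over a
  // "files" table that records who uploaded each storageId (assumption).
  ownerOf(storageId: string): Promise<string | null>;
}

// Serve a stored file only to the authenticated user who owns it.
// Every failure after the auth check returns the same 404 so the endpoint
// does not reveal which storage IDs exist to users who may not read them.
export async function serveOwnedFile(ctx: FileCtx, request: Request): Promise<Response> {
  const identity = await ctx.auth.getUserIdentity();
  if (identity === null) {
    return new Response("Unauthorized", { status: 401 });
  }
  const storageId = new URL(request.url).searchParams.get("storageId");
  if (storageId === null) {
    return new Response("Not found", { status: 404 });
  }
  const owner = await ctx.ownerOf(storageId);
  if (owner !== identity.subject) {
    return new Response("Not found", { status: 404 });
  }
  const blob = await ctx.storage.get(storageId);
  if (blob === null) {
    return new Response("Not found", { status: 404 });
  }
  return new Response(blob, {
    status: 200,
    headers: {
      "Content-Type": blob.type || "application/octet-stream",
      // Keep browsers and shared caches from retaining the private file.
      "Cache-Control": "private, no-store",
    },
  });
}

// Constructed in-memory context so the handler can be exercised offline.
export function fakeCtx(user: string | null, files: Record<string, { owner: string; body: string }>): FileCtx {
  return {
    auth: { getUserIdentity: async () => (user ? { subject: user } : null) },
    storage: { get: async (id) => (files[id] ? new Blob([files[id].body], { type: "text/plain" }) : null) },
    ownerOf: async (id) => files[id]?.owner ?? null,
  };
}
```

The 401/404 split means an unauthenticated caller learns nothing about the file, and an authenticated non-owner cannot distinguish "exists but not yours" from "does not exist".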
As an example, my users upload their files to Convex. As an admin, I am able to see and download the documents. Is there a way (maybe on the roadmap) to prevent that?
Not at the moment. We could block it in the dashboard, but as an admin you can deploy a new function that reads the file, and then call this function. Since you need to be able to deploy code that reads the file, so users can read their own files, it's difficult to prevent this.
So if you need absolute privacy, you need end-to-end encryption. Otherwise, the best you can do is make it difficult to bypass privacy accidentally or without signs showing up in audit log or code review.
We do intend to make this easier to enforce, for example settings that hide data in the dashboard even from admins. And we're always improving the audit log to include things like deploy key access and usage, and file storage access.
Enforcing privacy is a fascinating topic, so I'll tag colleagues in case they have more thoughts @jamwt @ari @Pasha
Yes, I started looking into end-to-end encryption. Another point, related to network input/output: is it possible to allow only a specific domain to access the file URL? So I build the URL with ctx.storage.getUrl. Is it possible that GET requests to this specific URL are only accepted from a specific domain, and to avoid being able to load it in the browser, for example?
Oh, with HTTP actions.
I just read about a clever method of end-to-end encryption. Not sure if it'll work for this use case, but it may be worth a read:
https://blog.excalidraw.com/end-to-end-encryption/
End-to-End Encryption in the Browser | Excalidraw Blog