http://www.s3fm.com/ is really useful for uploading/viewing files for personal viewing.
I was wondering if there was something good for social networks (using Amazon s3 or something similar),
where it will only show the subset of files uploaded by a specific user (for example, limit access to the user's specific bucket).
Can s3fm be adapted to this solution? or is there something else out there?
Chris, thanks for bringing this up.
Next version of S3fm will allow just that: sharing files and "folders" with your friends and colleagues using your own S3 account. A bucket owner will be able to use his or her credentials to create new (non-AWS) "accounts" and assign different permissions for each user. Then s/he will be able to select files to share or "folders" for uploads for each of those users.
A secure authentication method has been developed on top of regular Amazon S3 API so no 3rd party service will be required for that purpose. In fact, your newly created account credentials are not even accessible to anyone but you and you users . On the flip side, if you loose them - they are gone, we wont be able to restore them. :)
This version was expected this coming Fri (Aug 9, 2009), but apparently will be delayed another week or so.
Happy to help, feel free to follow up with questions or ideas,
I believe you would need to build your own system to do this. What you use doesn't really matter, you could use S3, Azure, etc as your base storage "cloud."
There is no method of authentication on S3, it only serves files publicly. You can of course obfuscate the file names by naming them with hashes. But still only a fileserver. Maybe roll your own system?
Then make it public so I can use it... it would be awesome!
Related
I'm going to make a project using the Google translate api and I'm thinking of uploading this project to a server and just sharing it with my friends. But unfortunately the Api Key that I will use in the project can be accessed clearly in the JavaScript file. This is a very bad situation. To prevent this, I have limited the Google Cloud Api and as far as I understand it is only allowed to be used on the links I allow. It cannot be used on other links. Now my main question is, is this method enough to protect Api from malicious people? Do I need to do anything else? Thank you in advance for your answers.
Best practice in these cases is to use .env files to keep data like API keys private.
You have to create a server for that which will perform OAuth and then send an API request to google.
You can get help about how to implement OAuth from this topic provided by google: https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow
If you send/attach your API key in frontend like javascript which is basically a frontend language then it can be used to:
Send fake requests which will use all of the bandwidth etc.
You should also consult the TOS.
On November 5th 2014 Google made some changes to the APIs terms of Service.
Like you I had an issue with the following line.
Asking developers to make reasonable efforts to keep their private
keys private and not embed them in open source projects.
That is however really only an issue if you are releasing the source code of your app as an Open source project for example.
If your just hosting this on a server then what you shoudl do is set up limitations for the api key adding_application_restrictions you can limit it so that the api key can only be used from your server and no where else.
I'm a teacher. My grade book is a .xlsm file, located in my Google Drive folder. I'm building a web app, also in my Drive folder, that shows the students names arranged according to the seating chart. I want to run the app on my Android phone, and click a student's name to add a participation mark to the grade book. The app should also display the students' existing participation scores (from the grade book). What is the best way to go about accomplishing something like this?
*I initially tried to do this using another .xlsm file but, when I realized that macros don't run on the Android version of Excel, I switched to an HTML-based app. Was that the right decision?
Here is a sample .xlsm file. In this case, the app would check cell A2 to make sure it's the correct student and then both read and write to cell B2.
If Excel isn’t doing it for you on Android then I’d strongly suggest looking in to Google Sheets. Creating an app for this yourself would be a fun project, if you enjoy that sort of thing, but Google Sheets sounds like it might do the job and you can be up and running in a few minutes.
Having got that out of the way I think it would be best to clear up how web apps work, it sounds like you have some confusion about how they work (or I am from your question!).
A web app is typically made up of two parts, a client and a server.
The client requests resources from the server and the server responds. For example, the client requests the resource associated with example.com, the server is listening for this request and fulfils it by returning a string of text with some meta saying its html. The client (lets say its a browser) understands this is html and begins to parse and render it. If it hits <link> or <script> (or some other stuff) it knows to go and request more resources from a server.
The client is totally detached from the server, it has limited access to the file system and must perform tasks by asking the server to do them. It can only ask, not enforce.
Often there is a 3rd piece which is storage of some sort, this could be a file system somewhere or a database. The client is also detached from this and the server (or another service) owns and manages the storage. In your case Google Drive can act as your storage.
A web client has no direct access to your Google Drive, although if its contents is public there is likely a scheme for you to get a resource (I don't know how Google Drive works but this is fairly likely). I'm not sure it will let you write to the Drive though, not without additional permissions (granted through authentication) being acquired. Many popular frameworks and libraries will allow you to interface with Google Drive and handle the auth handshake etc etc, they are often called a driver or connector.
Very basically, you'd likely need a couple of parts:
Storage -> Connector -> Service -> Client
You can get away with putting connector and service together, and you might be able to get away with connecting direct from the client, which would save you the trouble of creating, hosting and running a service.
The last piece of the puzzle is the conversion you must do from the .xls data into something JS on the client can work with (again, there are often multiple ways of doing things, you might decide to render your page on the server).
There are many tools out there that can convert from .xls to json, which JS can then parse and use (on client or server). I have used one a couple of times but I can't remember which one right now, a quick npm search throws up a number of hits.
Your best option is not to use Google Drive at all. If you are interested in doing something like you described, I would strongly recommend using either PHP and MySQL (a popular combination) or Google Cloud Platform's App Engine (they provide a lot of help, even allowing you to easily build an app that you can sign in to from your Android device with your Google account). If you're more in the mood for Do-It-Yourself, I would probably recommend Spring Boot (These tutorials look pretty good)
When it comes to integrating with Google Drive, it is technically possible to do, but so difficult that you would be much better off writing your own system from scratch and perhaps exporting to an Excel file. (See this page for a tutorial on exporting to Excel from Java)
You have several concerns with the final solution for your problem:
Security (You don't want students breaking into it, like I probably would have done)
Accessibility (You want to get at the information on your phone and your computer)
If I was in your position, I would probably write a Spring Boot application (which can house it's own database, website and API for a computer/phone to communicate with) and an Android application that talks to it.
Also, it would be helpful to know what programming languages and/or libraries/frameworks you have used in the past in order to make better recommendations for your situation. What have you used in the past?
If you need help or have questions, just message or comment.
I am still new to Angular apps and wonder about some security concerns and would appreciate some tips on how to handle this.
Lets say I access my Amazon S3 Server from my Angular Application. That for I need to write somewhere my bucketname, accesskey and secret key... but since it is all visible to the user everybody can see the secret key which does not make him anymore secret of course.
I can also not use something like a SALT etc. to create user passwords for the same reason. All is visible in the end and even with minify and uglify anybody can reverse it as well.
What is the best approach to do things like this? So far I can only think of one thing and this is to not use javascript or angular at all in this cases and for example only access my S3 bucket via PHP. But this cant be the only way I hope?
For Firebase it looks the same problematic since everybody can see all infos right away and can connect basically to my DB and than add for example information he want to. Of course I can setup rules and make certain things obligated but this can be also sniffed out easy inside my code at the end which seems all pretty unsafe if I compare this to a php/mysql backend.
You can use the Cordova SecureStorage plugin to store access and/or session tokens:
https://github.com/Crypho/cordova-plugin-secure-storage
Since the Android implementation of this secure storage uses the KeyStore, the users must have a secure screen-lock set (like fingerprint, pattern or PIN). The plugin provides functions to check this, so you will be able to give a warning (or block login) if this is not the case. Without a locked screen there is no way to save your keys in a secure way on Android.
We are looking to create a project for access to a specific folder with Read only permission.
My question is when creating the project what ways are there to limit access and permission in the project itself?
Can this be done? and is it through the enable APIs. I have done some reading on this and I cannot find a conclusive answer.
What APIs would I need enabled to apply this.
I will not be in control of any scripts, this will be a project for web application.
The scenario of what we have is Many thousands of files with in google drive, we want to give access to a specific folder and not have the ability to go through the rest of our google drive. They will be using Javascript to download files from this and upload automatically in to a system at there end, they are looking to use the Google drive API to do this.
Look forward to your replys opinions and direction on this.
Many thanks
you cannot do this at the project console level. you are missing info like how the webapp authenticates the user or whether the drive api calls are server side or client side. but in either case what you need is to never use the drive owner account and simply share that folder readonly public or to specific emails.
for a more detailed answer you need to explain much better the scenario.
i'm experimenting by mounting a website hosted on my Dropbox Public folder. Files can my accesed and I used my domain name to redirect to de index.html public url.
I can run javascript, bootstrap, jquery and that stuff but not php (for obvious security reasons of dropbox).
I would like to save data from the website. We all know that JScript is not allowed to write files or anything outsite the browser or the webpage itself.
I've been searching for a webapp/service that provides me a database or something like that let me save data from javascript. Somethingthat get connected to my host and gives me an API to the service or something like that.
Anyone heard about something like this? Or any other way I can get data saved? (serializing a JS object to a file would be just enought to me)
From experience,
If you stick with trying to host something on Dropbox or anything that was not purpose meant for that, you will continually run into problems like this.
In the end spending (wasting) more time, energy and money on workarounds, rather than having fun in a real hosted environment (cloud based is more fun than DB!)
Do yourself a favor and move to a hosting platform, and spend that energy more wisely in creating a website or product (maybe that will make you money even)
There are plenty of free hosting platforms to get your started.
A quick serach on Google:
http://appfog.com/
https://pagodabox.com/