Android Question File/Cloud Storage

iCAB

Well-Known Member
Licensed User
Longtime User
Hi All,

We are working on an application that requires storing and retrieving files and images at/from the server. The access to the files must be restricted and only accessible using the application logic. In other words, We don’t want anyone with a link to the file to be able to download it by simply using a web browser.

We looked at Firebase buckets which could be a solution, however, if I am not mistaken the app user must have a Gmail address to use Firebase Auth. Is this a correct assumption, or is there a way around it?

Also, we don’t want each and every app user to authenticate using his/her email.
Depending on the application, in some cases, we might want to use a shared bucket with a single authenticated profile.

We are looking for a solution that works with B4A/B4I.

Any suggestions?

Regards,
iCAB
 

DonManfred

Expert
Licensed User
Longtime User
Any suggestions?
Store the files Encrypted on your Server. Even if someone knows the URL; all he get is an encrypted file.
Download them, decrypt them (maybe into a stream) and read and use the decrypted file.
 
Upvote 0

iCAB

Well-Known Member
Licensed User
Longtime User
Thanks, Don for your reply. But there must be a better approach. Something similar to Firebase or one of the cloud storage services.
 
Upvote 0

AnandGupta

Well-Known Member
Licensed User
Longtime User
Thanks, Don for your reply. But there must be a better approach. Something similar to Firebase or one of the cloud storage services.
Don just suggested what you are requesting for.
Also, we don’t want each and every app user to authenticate using his/her email.
Depending on the application, in some cases, we might want to use a shared bucket with a single authenticated profile.


Keep in mind,
  1. a cloud is just a pc drive on network
  2. you can have direct access to the file on that drive
  3. you can have a login wall before access
If you do not want login wall, encryption is the way.
 
Upvote 0

iCAB

Well-Known Member
Licensed User
Longtime User
Don just suggested what you are requesting for


I guess I am leaning towards firebase storage but I am not sure if:
1. The authentication requires the user to have a Google Account
2. If the authentication/ bucket access can be done in code behind the scenes and without prompting the user

As an example:
Say you have a SAAS system and you want to limit the access to specific company files to the selected company users only.
The backend creates a bucket and a user
The app retrieves the info from the backend and uses the retrieved info to gain access to the bucket without prompting the user.

I worked on Firebase storage a long time ago, but if I recall properly I had to prompt the user to sign with a Google account, but this is what I am trying to avoid.

I will dig more into it, but I was hoping that someone has the answer for me.

Thanks,
iCAB
 
Upvote 0
Top