Android Question File/Cloud Storage

iCAB · Mar 10, 2022

Hi All,

We are working on an application that requires storing and retrieving files and images at/from the server. The access to the files must be restricted and only accessible using the application logic. In other words, We don’t want anyone with a link to the file to be able to download it by simply using a web browser.

We looked at Firebase buckets which could be a solution, however, if I am not mistaken the app user must have a Gmail address to use Firebase Auth. Is this a correct assumption, or is there a way around it?

Also, we don’t want each and every app user to authenticate using his/her email.
Depending on the application, in some cases, we might want to use a shared bucket with a single authenticated profile.

We are looking for a solution that works with B4A/B4I.

Any suggestions?

Regards,
iCAB

DonManfred · Mar 10, 2022

iCAB said:
Any suggestions?

Store the files Encrypted on your Server. Even if someone knows the URL; all he get is an encrypted file.
Download them, decrypt them (maybe into a stream) and read and use the decrypted file.

iCAB · Mar 10, 2022

Thanks, Don for your reply. But there must be a better approach. Something similar to Firebase or one of the cloud storage services.

AnandGupta · Mar 11, 2022

iCAB said:
Thanks, Don for your reply. But there must be a better approach. Something similar to Firebase or one of the cloud storage services.

Don just suggested what you are requesting for.

iCAB said:
Also, we don’t want each and every app user to authenticate using his/her email.
Depending on the application, in some cases, we might want to use a shared bucket with a single authenticated profile.

Keep in mind,

a cloud is just a pc drive on network
you can have direct access to the file on that drive
you can have a login wall before access

If you do not want login wall, encryption is the way.

iCAB · Mar 11, 2022

AnandGupta said:
Don just suggested what you are requesting for

I guess I am leaning towards firebase storage but I am not sure if:
1. The authentication requires the user to have a Google Account
2. If the authentication/ bucket access can be done in code behind the scenes and without prompting the user

As an example:
Say you have a SAAS system and you want to limit the access to specific company files to the selected company users only.
The backend creates a bucket and a user
The app retrieves the info from the backend and uses the retrieved info to gain access to the bucket without prompting the user.

I worked on Firebase storage a long time ago, but if I recall properly I had to prompt the user to sign with a Google account, but this is what I am trying to avoid.

I will dig more into it, but I was hoping that someone has the answer for me.

Thanks,
iCAB

Android Question File/Cloud Storage

iCAB

Well-Known Member

DonManfred

Expert

iCAB

Well-Known Member

AnandGupta

Expert

iCAB

Well-Known Member

Similar Threads