My media storage is OpenStack object storage (Swift) in the cloud (OVH).
Regarding the user-rights on the uploaded media:
- Images [A] are viewable by all users, but only deletable by the user-owner/uploader.
- Images [B] are very private. CRUD by the user-owner/uploader and viewable by some other users.
I looked around for solutions and came across pre-signed (temporary) URLs; see also this article.
I was wondering whether this provides an acceptable security level. An alternative I could think of is authenticating all users via OpenStack's authentication module, Keystone. But maybe that's just completely stupid and/or overkill. I started to look in that direction as it might be similar to AWS S3's use of IAM policies.
My questions:
- Is the pre-signed URL solution the way to go? And if not, why not?
- What would processing images (creating thumbnails) look like? You grab it from the storage, process and store it back and delete local versions, I suppose?
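
Added example, not part of the original question: a sketch of how an application could enforce the [A]/[B] rules itself and only then hand out a short-lived Swift TempURL, which is bound to one method, one object path and one expiry time. The account, container, key, host, image records and function names are hypothetical, and `storage_would_accept` is a simplified model of the storage-side check, not Swift's own code.

```python
import hashlib
import hmac
import time

# Constructed sample values (assumptions, not from the post).
KEY = b"constructed-temp-url-key"   # value set as X-Container-Meta-Temp-URL-Key
HOST = "https://storage.example.invalid"
IMAGES = {
    "a1": {"path": "/v1/AUTH_demo/public/a1.jpg", "owner": "alice",
           "private": False, "viewers": set()},
    "b1": {"path": "/v1/AUTH_demo/private/b1.jpg", "owner": "alice",
           "private": True, "viewers": {"bob"}},
}

def sign(key, method, path, expires, digest="sha256"):
    """TempURL signature: HMAC over 'METHOD\\nEXPIRES\\nPATH', hex-encoded.
    Assumes the cluster allows this digest; older clusters use sha1."""
    msg = f"{method}\n{expires}\n{path}".encode()
    return hmac.new(key, msg, getattr(hashlib, digest)).hexdigest()

def allowed(user, image, method):
    """Application-side rule from the post: only the owner may change or delete."""
    if method != "GET":
        return user == image["owner"]
    return (not image["private"]) or user == image["owner"] or user in image["viewers"]

def issue_url(user, image_id, method="GET", ttl=60, now=None):
    """Return a short-lived URL only after the app has authorized the user."""
    image = IMAGES[image_id]
    if not allowed(user, image, method):
        return None
    expires = int(time.time() if now is None else now) + ttl
    sig = sign(KEY, method, image["path"], expires)
    return f"{HOST}{image['path']}?temp_url_sig={sig}&temp_url_expires={expires}"

def storage_would_accept(method, path, sig, expires, now):
    """Simplified model of the storage-side check (not Swift's own code)."""
    if now > expires:
        return False
    return hmac.compare_digest(sign(KEY, method, path, expires), sig)
```

Anyone who obtains an issued URL can use it until it expires, so the TTL and the per-request authorization in `issue_url` are the controls that matter.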