I'm working on a information sensitive web app using nodejs and expressjs. How can I allow or restrict recipients from being able to forward my users files to someone else and get a summary on the number of times their file has been viewed, the duration, location from where their files have been accessed, and whether it was printed or downloaded.
Asked
Active
Viewed 24 times
1 Answers
0
There're several design questions out of this typical security topics, my answer is about examples on how to support them in node.js.
How can i allow or restrict recipients from being able to forward my users files to someone else
Notice that you will never be able to control a file after it's downloaded from the server side. (it's another topic about how to trace an offline file itself). According to access control of express.js, you can refer to this question: Node.js + Express.js User Permission Security Model
get a summary on the number of times their file has been viewed, the duration, location from where their files have been accessed, and whether it was printed or downloaded.
This is about tracing. You can do it at the frontend by using web analytics tech like Google analytics. If you want to design it at the server side, access log is the general practice. According to express.js, you can use middleware morgan or express-logger. where it will generate a stream of logs to either stdout or a log file so that you can get a summary of all HTTP requests. see this question What's the best practice for expressjs logging?
Example code of using morgan (credit to morgan code examples):
var express = require('express')
var morgan = require('morgan')
var app = express()
app.use(morgan('combined'))
app.get('/', function (req, res) {
res.send('hello, world!')
})
shawnzhu
- 7,233
- 4
- 35
- 51