
I'm trying to find an answer to a dilemma and I'd like some suggestions.

  • Type of app: a web app using Ruby on Rails.
  • Issue: product owner wants to minimize access to images for privacy reasons.
  • Considerations:
    • Images can be full photos, and are not limited to small icons.
    • Question is specifically about how image files are served to users (i.e., in the src attribute of an <img> tag).
    • These are not user-submitted images, so users' privacy is not what's at stake here – they're specifically for confidential images that need to be served only to users who have the permissions to see them. The images should be as accessible as the pages that they will appear in.
  • Solutions I've come up with:
    • Privacy through obscurity by avoiding identifiable patterns and using very long strings for the image paths. The image files would be publicly available like the vast majority of images on the web, but they'd be nearly impossible to find.
    • Base64 and Data URIs with the encodings either stored on the DB or YML files. A user's access to the file is as private as the user's access to the page where the image is served.

I'm aware of the shortcomings of using Base64 encoding, but if privacy is high enough a priority, they might be compromises.

Any other suggestions?

Carnigian
  • This is a very broad question. Base64 isn't any kind of privacy enhancement. When you say "minimize access" - by whom? If you want real privacy, encrypt, and do it properly (e.g. with libsodium), not with some homebrew junk. – Synchro Dec 09 '18 at 21:32
  • The question is specifically about how the images are placed in `src` tag in an HTML `<img>` tag (or CSS `background-image` property). A publicly available URL can be found out, whereas a Base64 encoded image is embedded in the HTML so its access is as private as the page that is being rendered. – Carnigian Dec 09 '18 at 21:43
  • I've edited the original question to be more specific. – Carnigian Dec 09 '18 at 21:49
  • If the HTML can be served privately, so can the images. They do not need to be public just because they have URLs. It’s not clear who you are protecting the images from. If it’s the public, authentication will do the job. If it’s the site owner, you need encryption where the client holds the key. – Synchro Dec 10 '18 at 06:49
  • Authentication is not enough. Log in to Facebook, find a photo that you know isn't publicly shared (i.e., set to be seen by friends only), and then copy the URL of the image file. Then log out and paste that URL in your browser. You'll be able to access a "private" image without being logged in to Facebook. In other words, Facebook employs "privacy through obscurity" because the path is impossible to discover for all intents and purposes. I'm not sure how encryption solves my dilemma either since its use case would be no different than just embedding a Base64 encoded image into the HTML. – Carnigian Dec 11 '18 at 01:10
  • I think my use of the word "privacy" is misleading. The ultimate goal here is to not have to expose the path to the image publicly and not have the disadvantages of embedding the image into the HTML. – Carnigian Dec 11 '18 at 01:15
  • Use authentication to facilitate authorisation to determine whether a user has permission to view an image or not, just as you do for HTML. That Facebook relies on unguessable URLs doesn’t mean you should do that. Encryption would mean that nobody without the key could view the image, even if they had the URL for it. One thing is clear though: base64 encoding achieves nothing. – Synchro Dec 11 '18 at 06:44
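The approach the comment thread converges on (serve the image through the same authorization check as the page, rather than from a public path or as an inline Data URI) is shown below as an added example. It is not code from the question or from any commenter, and it is framework-neutral Ruby rather than a real Rails app so that it runs stand-alone: `IMAGES` is a constructed in-memory store standing in for a model plus files kept outside `public/`, `SECRET` is a hypothetical per-application key (a Rails app would derive one from `secret_key_base`), `serve_image` stands in for a controller action that ends in `send_data`/`send_file`, and the sample image bytes are fake. The signed-token variant goes one step beyond the comments: it is the disciplined form of the "unguessable URL" idea, bound to one image and one user and expiring after a TTL, for cases where the `<img>` request carries no session cookie (a separate asset host or CDN edge).

```ruby
require "openssl"
require "json"
require "securerandom"

# Constructed sample data: confidential images with an access list each.
# In Rails this is a model row plus a file stored OUTSIDE public/ so the web
# server never serves the bytes without going through the controller.
IMAGES = {
  "report-7" => { content_type: "image/png",
                  allowed: %w[alice bob],
                  bytes: "\x89PNG\r\n\x1a\n".b + "fake png body" },
  "scan-12"  => { content_type: "image/jpeg",
                  allowed: %w[carol],
                  bytes: "\xFF\xD8\xFF\xE0".b + "fake jpeg body" },
}.freeze

# Hypothetical per-application secret (assumption; Rails would use secret_key_base).
SECRET = SecureRandom.bytes(32)

def authorized?(user, image_id)
  record = IMAGES[image_id]
  !record.nil? && !user.nil? && record[:allowed].include?(user)
end

# Rack-style response for GET /images/:id with a session-identified user.
# This is what an <img src="/images/report-7"> request hits: the browser sends
# the session cookie with the image request exactly as it did for the page.
def serve_image(current_user, image_id)
  return [401, {}, []] if current_user.nil?
  # 404 for both "no such image" and "not yours", so probing a URL does not
  # reveal whether a confidential image exists.
  return [404, {}, []] unless authorized?(current_user, image_id)

  record = IMAGES[image_id]
  headers = {
    "Content-Type"           => record[:content_type],
    # Keep browsers and shared caches from storing bytes where the
    # authorization check no longer applies.
    "Cache-Control"          => "private, no-store",
    "X-Content-Type-Options" => "nosniff",
  }
  [200, headers, [record[:bytes]]]
end

# --- Signed, expiring image tokens (for requests that carry no session) ---

def hex(bytes)
  bytes.unpack1("H*")
end

def unhex(str)
  [str].pack("H*")
end

def hmac(data)
  OpenSSL::HMAC.digest("SHA256", SECRET, data)
end

# Constant-time comparison so signature checking does not leak via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Mint a token valid for one image, one user, for ttl seconds. Unlike a long
# random path it expires, cannot be reused for other images, and is verifiable
# without a database lookup.
def signed_image_token(image_id, user, ttl:, now: Time.now)
  payload = { "img" => image_id, "sub" => user, "exp" => (now + ttl).to_i }
  data = hex(JSON.generate(payload))
  "#{data}.#{hex(hmac(data))}"
end

# Returns the payload hash if the token is authentic and unexpired, else nil.
# The signature is checked before the payload is parsed, so untrusted input
# never reaches JSON.parse.
def verify_image_token(token, now: Time.now)
  data, sig = token.to_s.split(".", 2)
  return nil if data.nil? || sig.nil?
  return nil unless secure_equal?(hex(hmac(data)), sig)
  payload = JSON.parse(unhex(data).force_encoding("UTF-8"))
  return nil unless payload["exp"].is_a?(Integer) && payload["exp"] > now.to_i
  payload
rescue JSON::ParserError, ArgumentError
  nil
end

# GET /images/:id?token=... : the token identifies both the user and the image,
# so the same authorization function decides, and the bytes still come from
# the protected store, not from a public path.
def serve_image_by_token(token, now: Time.now)
  payload = verify_image_token(token, now: now)
  return [403, {}, []] if payload.nil?
  serve_image(payload["sub"], payload["img"])
end
```

In a Rails app the session path is just `get "images/:id", to: "images#show"` whose action runs the `authorized?` check and then `send_data record.bytes, type: record.content_type, disposition: "inline"`; nothing about the `<img>` markup changes, because same-origin image requests carry the session cookie. The token path is the one to reach for only when the image is fetched from a host that has no session, and its TTL should be short: anyone who obtains the URL before expiry can fetch the bytes, which is the residual risk of the Facebook-style unguessable link that the thread discusses.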