My app needs image and document security; after some research I decided to go with UploadCare. For the time being I managed to connect everything, but the CDN URLs are public.
Does anyone use UploadCare Signed URLs? Is it really worth the expense over just Bubble when security is a primary concern?
How do Signed URLs actually work? I think that there is a temporary key that should be sent from Bubble together with the image to store. The key expires after x days. My question is how does the CDN and Bubble keep in touch so that a user can retrieve its image at any point in time? Maybe I’m missing something.
I understand, but 1) the ability to seamlessly import from Google or other providers is valuable for my project. 2) At one point I may have to make my app HIPAA compliant. I don’t want to build now and then rebuild again.
Hopefully someone can chime in on UploadCare, but just be aware HIPAA compliance seems to be not possible right now. There are a lot of threads on it.
Typically the Signed URLs are generated via a Bubble plugin action (is there an UploadCare plugin?) that uses your UploadCare API token to generate a temporary signed URL for the file.
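How a signed URL can work in general, as an added example that is not part of the original thread and does not reproduce Uploadcare's actual token format: the app mints a short-lived link each time an authorised user asks for a file, and the CDN checks it with a shared secret and its own clock, without contacting the app. The secret, host, parameter names (`exp`, `sig`) and function names are all constructed for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values for illustration only.
SECRET = b"constructed-shared-secret"   # known to the app server and the CDN, never to browsers
CDN_BASE = "https://cdn.example.test"   # placeholder host


def _mac(path: str, expires: int) -> str:
    """HMAC-SHA256 over path and expiry, so neither can be altered unnoticed."""
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_url(file_id: str, ttl_seconds: int, now: Optional[int] = None) -> str:
    """App side: call after the access check, each time a user views a file."""
    now = int(time.time()) if now is None else now
    path = f"/{file_id}/"
    expires = now + ttl_seconds
    query = urlencode({"exp": expires, "sig": _mac(path, expires)})
    return f"{CDN_BASE}{path}?{query}"


def cdn_allows(url: str, now: Optional[int] = None) -> bool:
    """CDN side: stateless check using only the URL, the secret and the clock."""
    now = int(time.time()) if now is None else now
    parsed = urlparse(url)
    params = parse_qs(parsed.query)
    try:
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False  # unsigned or malformed URL
    if now >= expires:
        return False  # link has expired
    expected = _mac(parsed.path, expires)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(sig.encode(), expected.encode())
```

The database stores only the file ID; because a fresh link is minted on every view, an expired link never locks the owner out, it only stops a copied URL from working later.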
I am using Ultimate Uploadcare. I am actually in touch with the dev and waiting for his feedback on signed URL at least. HIPAA compliance is no go for the time being, but costs would be astronomical.
Thanks for your email about this one!
I’ll respond here for the sake of posterity and visibility.
Ultimate Uploadcare doesn’t yet have the actions built in to create signed URLs but with your mentioned use case, and to Tyler’s point, I’m not sure they’re necessary.
Given that Bubble doesn’t meet HIPAA compliance anyway, any development of your application on it is mostly for the purposes of testing and proving your product idea. With that, I believe Bubble’s privacy settings would be a sufficient method of limiting who can access the files that were uploaded to your Uploadcare.
How to set up privacy settings:
Add a ‘user’ field to your data object that identifies which user is authorised to see the file. You can set this value at the moment of creating the thing in the database.
Add a conditional on the relevant data object (in my example it’s ‘Image’) that only allows the authorised user to see the file. You could also base this off the ‘Creator’ value but that can be a little less reliable than something you specify when saving the file to the database.
With Bubble’s privacy settings, the data won’t even leave the server unless the condition is met, so you can be confident that only allowed users are seeing the files.