0

We are building a Meteor app that will be deployed to the app stores and online. We need to store assets that will be auto-refreshed with Meteor (eg via hot-code-push), including in the app store versions. The normal approach would be to put the assets into /public directory. However, this means that the assets are all insecure and can be accessed and downloaded directly by anyone.

How can we make the assets in a Meteor app:

  1. available to our app (in this case they are audio files that the app will play)

  2. refresh when the app code updates, without requiring a new download from the app store

  3. secure, so that only the app can access them, not outside bandits?

Thanks

Mattia Maestrini
  • 32,270
  • 15
  • 87
  • 94
user2330237
  • 1,629
  • 5
  • 20
  • 39

1 Answers1

0

Using something like S3 or CloudFront with signed URLs or signed cookies will be a lot more robust than rolling your own solution.

That being said, if you want to implement this yourself you could combine the security ideas from this question with my answer to how to serve files.

The answer really depends on how you want to store your files.

David Weldon
  • 63,632
  • 11
  • 148
  • 146