5

I am using google cloud storage for content at server side like user's videos, images and profile picture. I have some doubt about what is the best practice to implement google cloud signed URL concept.

According to me

1st:- I can store an object name in database and generate a signed URL to get that content every time. But there are extra API call from client side.

2nd:- I can generate a signed URL at the time of uploading content and store it in database with long term expiry. So there are no extra API calls from client side.

But what about when URL expired. Please suggest me the best approach to implement it.

harish
  • 295
  • 1
  • 12

2 Answers2

1

Signed URLs rely on expiration to provide security, so setting a very high expiration and storing the signed URL indefinitely will compromise this.

A good trade-off is to cache the signed URL somewhere (such as in a database) and only re-generate it after it expires instead of every time the client requests it.

Adam
  • 5,697
  • 1
  • 20
  • 52
0

You don´t need an API call to generate a signed URL, you can get a JSON key and generate the URL with common ssl tools from a myriad of programming languages; take a look at the Signed URL Documentation, it is much safer and cleaner to generate them on the fly.

Just found this other answer that might help.

Community
  • 1
  • 1
hdezela
  • 536
  • 6
  • 16
  • Yes you are right, I also followed same at server side, but client need this url so he need to call an api – harish Jul 05 '16 at 06:05