-1

I am making a website and I need to know if security (authentication) tokens are what I need to securely share files.

I have searched a lot but I can't seem to understand if it's for me or if good old fashioned key generation is enough.

The website idea is that any user can upload files and list the emails of receivers; then a "token" is generated, and anyone with that "token" and an email from the list of receivers can have access to the uploaded files for a certain amount of time.

henrycarteruk
MNS

1 Answer

0

I would generate two tokens:

  1. token for fileinfo and time of validity, which needs to be passed when calling the download service
  2. userToken to store info about a user (email, name, etc., whatever is needed), saved in cache when the user logs in to the website.

When the downloadFile service is called, I would first check the validity of the token, then from the userToken, I will get the email id and check whether the user can access the file in the token.

  • what about the actual implementation? how would i go about it? (from what I've read about authentication tokens they're pretty complex) – MNS Dec 12 '16 at 13:03
  • First you need to select the encryption algo you want to use. AES is quite popular. You will easily get the code. [Check here for AES python implementation](http://stackoverflow.com/questions/12524994/encrypt-decrypt-using-pycrypto-aes-256)
    – Supratim Samantray Dec 13 '16 at 07:45
  • Then design the token to get meaningful info: for **token** make it something like "filename--validity", for **usertoken** something like "email--name--otherinfo". The key is private so you don't need to worry. – Supratim Samantray Dec 13 '16 at 07:47
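
The file token from the answer above, sketched as an added example that is not part of the original answer or its comments: a "file + validity + recipients" token is issued and then checked at download time. It authenticates the token with HMAC-SHA256 instead of the AES encryption suggested in the comments, because the server has to detect a modified expiry or file name; all function names, the key handling and the claim layout are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: one server-side secret; a real deployment loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(data, key):
    return hmac.new(key, data, hashlib.sha256).digest()

def email_tag(email, key):
    # Keyed hash of the normalized address: the token does not reveal the recipient list.
    return b64e(mac(b"rcpt:" + email.strip().lower().encode(), key))

def issue_token(file_id, recipients, ttl_seconds, key=SERVER_KEY, now=None):
    now = time.time() if now is None else now
    claims = {"file": file_id, "exp": int(now) + ttl_seconds,
              "rcpt": sorted(email_tag(e, key) for e in recipients)}
    payload = json.dumps(claims, sort_keys=True).encode()
    return b64e(payload) + "." + b64e(mac(b"tok:" + payload, key))

def check_token(token, file_id, email, key=SERVER_KEY, now=None):
    """Return (allowed, reason). `email` must come from the logged-in session."""
    now = time.time() if now is None else now
    try:
        payload_part, sig_part = token.split(".")
        payload, sig = b64d(payload_part), b64d(sig_part)
    except ValueError:  # wrong number of parts or invalid base64
        return False, "malformed"
    # Verify the MAC in constant time before trusting any field of the payload.
    if not hmac.compare_digest(sig, mac(b"tok:" + payload, key)):
        return False, "bad signature"
    claims = json.loads(payload)
    if claims["file"] != file_id:
        return False, "wrong file"
    if now >= claims["exp"]:
        return False, "expired"
    if email_tag(email, key) not in claims["rcpt"]:
        return False, "not a recipient"
    return True, "ok"
```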