How WP-Filebase protects your Cloud Hosted files

Most free Cloud hosting services does not offer control over access privileges. Once a file is shared, everyone can download the file with the share link. To prevent this, WP-Filebase acts as a authentication proxy.For each file hosted on a cloud service – such as Google Drive, Dropbox and OneDrive – you can set individual access permissions based on users and user roles in WP-Filebase Dashboard.

Once a user tries to access a file from your WordPress site, WP-Filebase checks for these permissions. If access is granted, it sends a share request to the Cloud service to retrieve a share URL for that file. It then redirects the browser of the downloading user to this share URL and the download begins.

The leak safety (e.g. the risk that some not-authenticated user can download the file) of this process, depends in the structure and state of the share URL, which is generated by the cloud host. A possible vulnerability is URL guessing: the attacker has an idea about file and folder names and just tries various URLs until the server returns the file. Another security aspect is the lifetime of the share URL. Links can easily get into the wrong hands, for example from the browser history. A link with a lifetime of a couple of minutes prevents this. Once the link is expired, the user needs to re-authenticate in order to access the file.

Lets have a look at each service:

  • FTP provides poor security, since URLs are easy to guess (no hashing, no tokens in the URL). There is no URL signing. However, you can configure the FTP server so it does not accept anonymous connections, but this will require you to share FTP login details with your users and there is no automatic WordPress user authentication
  • Dropbox URLs are safer, since impossible to guess. There is an expiration time for share links, but the timespan is not defined for Dropbox free users. With paid Dropbox Pro/Enterprise accounts you can set a custom link expiry time.
  • Amazon S3 is very secure, because you can set link expiry time (down to a couple of seconds). Files are securely servered over HTTPS. No URL-guessing possible.
  • Google Drive has its own share permission system with Google Accounts. It does not currenlty generate share links with a limited life time.
  • ownCloud supports link expiry dates, thus is very secure.

Note that you can never prevent someone from sharing your files, even if the links expire. “Bad guys” can easily re-upload files on any host and share these links.


VN:F [1.9.22_1171]
Rating: 3.0/5 (2 votes cast)
How WP-Filebase protects your Cloud Hosted files, 3.0 out of 5 based on 2 ratings

19 thoughts on “How WP-Filebase protects your Cloud Hosted files

  1. Kr Ashwin says:
    VA:F [1.9.22_1171]
    Rating: 0 (from 2 votes)

    I like to play this Happy wheels game through this web link and play this most exciting video game for free and online.Thank you so much guys for this kind of amazing game for us.

  2. alfha says:
    VA:F [1.9.22_1171]
    Rating: +1 (from 1 vote)

    The information you have posted is very useful. The sites you have referred was good. Thanks for sharing

  3. click here says:
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    I agree with the above comments. This is very useful for those who are looking for the same topic.

  4. website says:
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    Things for posting this. This is exactly what I was looking for. I have a large set of cloud hosted files for my website.

  5. Click says:
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    I’m loving Google Drive. It is exactly the type of thing that I need.

  6. VA:F [1.9.22_1171]
    Rating: -1 (from 1 vote)

    Just the type of protection that I’ve been looking for. It’s hard to even express how important this is for my business.

  7. VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    I love how this cloud service offers control over access privileges.

  8. website says:
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    Good article and thanks or the information. Have you also reviewed the Apple service

  9. Kevin says:
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    Useful tips to becoming a WP MASTER!

  10. VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    Thank you for sharing !

Leave a Reply

Your email address will not be published. Required fields are marked *