How WP-Filebase protects your Cloud Hosted files

Most free Cloud hosting services does not offer control over access privileges. Once a file is shared, everyone can download the file with the share link. To prevent this, WP-Filebase acts as a authentication proxy.For each file hosted on a cloud service – such as Google Drive, Dropbox and OneDrive – you can set individual access permissions based on users and user roles in WP-Filebase Dashboard.

Once a user tries to access a file from your WordPress site, WP-Filebase checks for these permissions. If access is granted, it sends a share request to the Cloud service to retrieve a share URL for that file. It then redirects the browser of the downloading user to this share URL and the download begins.

The leak safety (e.g. the risk that some not-authenticated user can download the file) of this process, depends in the structure and state of the share URL, which is generated by the cloud host. A possible vulnerability is URL guessing: the attacker has an idea about file and folder names and just tries various URLs until the server returns the file. Another security aspect is the lifetime of the share URL. Links can easily get into the wrong hands, for example from the browser history. A link with a lifetime of a couple of minutes prevents this. Once the link is expired, the user needs to re-authenticate in order to access the file.

Lets have a look at each service:

  • FTP provides poor security, since URLs are easy to guess (no hashing, no tokens in the URL). There is no URL signing. However, you can configure the FTP server so it does not accept anonymous connections, but this will require you to share FTP login details with your users and there is no automatic WordPress user authentication
  • Dropbox URLs are safer, since impossible to guess. There is an expiration time for share links, but the timespan is not defined for Dropbox free users. With paid Dropbox Pro/Enterprise accounts you can set a custom link expiry time.
  • Amazon S3 is very secure, because you can set link expiry time (down to a couple of seconds). Files are securely servered over HTTPS. No URL-guessing possible.
  • Google Drive has its own share permission system with Google Accounts. It does not currenlty generate share links with a limited life time.
  • ownCloud supports link expiry dates, thus is very secure.

Note that you can never prevent someone from sharing your files, even if the links expire. “Bad guys” can easily re-upload files on any host and share these links.


VN:F [1.9.22_1171]
Rating: 3.0/5 (2 votes cast)
How WP-Filebase protects your Cloud Hosted files, 3.0 out of 5 based on 2 ratings

23 thoughts on “How WP-Filebase protects your Cloud Hosted files

  1. VA:F [1.9.22_1171]
    Rating: -1 (from 1 vote)

    Great Article !

  2. Richard says:
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    Amazing! thank you for sharing these useful facts with us guys! If you guys are looking for seamless gutter pros our company Virginia Beach Gutter Repair & Installation can do the work for you.

  3. Laura says:
    VA:F [1.9.22_1171]
    Rating: +1 (from 1 vote)

    Oh god I’ve been wanting to know about theese kind of stuff. If you guys need help cleaning your house we have Laura one of our top cleaners that have satisfied most of our clients.

  4. VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    I’m loving Google Drive. It is exactly the type of thing that I need.

  5. VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    I’m loving this! My fav post I’ve seen all day, thanks heaps!

  6. Jacob says:
    VA:F [1.9.22_1171]
    Rating: +1 (from 1 vote)

    Thank you for providing the list of this awesome storage. If you guys also need help with roofing you can check our companies website for more details and information of the services that we offer.

  7. Dan says:
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    I like this article great content very informative. If you guys are looking for tree service Alexandria our company Tree Service & Removal of Alexandria can do the work for you.

  8. VA:F [1.9.22_1171]
    Rating: -1 (from 1 vote)

    This article reminds me of something , I like the way you explained the information here. Thanks!

  9. Click here says:
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    Thanks for sharing this great information.

  10. VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

    Well explained! Thank you for stressing this topic. Keep it up!

Leave a Reply

Your email address will not be published.