Application

  • Hosted in the cloud: MediaStore uses Amazon Web Services (AWS), ensuring optimal access from all territories
  • Secure infrastructure:
    • All communication is encrypted end-to-end using HTTPS
    • A VPN-based infrastructure permits access only to predefined URLs and ports
  • Minimum downtime:
    • Through redundant database storage in different AWS service regions, downtime in case of exceptional data center outages is minimized
    • In case of an infrastructural issue, the system is self-healing and auto-scaling
  • Separation of frontend (website) and backend (application, storage): to permit maximum flexibility in the “look and feel” of the website, the frontend is fully flexible and communicates with the backend via secure APIs

Development and updates

  • Best programming practices: adherence to proven security standards (OWASP), manual code reviews and multiple layers of testing ensure that no malicious code can be injected
  • Continuous updates: rolling deployments of features, tweaks and fixes with zero downtime
  • Examples of security measures:
    • Countermeasures against cross-site scripting (XSS): database output is escaped by default
    • Countermeasures against SQL injection (SQLi): escaping of user entries
    • Access control on content and asset objects: role- and action-based ACLs defined per model
    • Digest of all user passwords: no plain-text user passwords in the database

Storage

  • Secure storage:
    • All assets are held in private AWS S3 cloud storage
    • Redundancy is achieved by storing 3 copies of each asset
  • Restricted downloads:
    • Download of assets (e.g. via download link) requires a temporary access token which is validated before download access is granted

Video & streaming

  • Secure storage: both the main asset and lower-bandwidth derivatives are protected
  • State-of-the-art encrypted streaming: MediaStore’s HTML5-based HLS streaming technology uses AES encryption
  • Access control: in order for a user to view a video, a valid temporary token issued by the backend is required and will be validated anew before each video view