Hosted in the cloud: MediaStore uses Amazon Web Services (AWS), ensuring optimal access from all territories
Secure infrastructure:
All communication is encrypted end-to-end using https
A VPN-based infrastructure permits access only to predefined URLs and ports
Minimum downtime:
Through redundant database storage in different AWS service regions, downtime in case of exceptional data center outages is minimized
In case of an infrastructural issue, the system is self-healing and auto-scaling
Separation of frontend (website) and backend (application, storage): to permit maximum flexibility in the “look and feel” of website, the frontend is fully flexible and communicates with the backend via secure APIs
Development and updates
Best programming practices: adherence to proven security standards (OWASP), manual code reviews and multiple layers of testing ensure that no malicious code can be injected
Continuous updates: rolling deployments of features, tweaks and fixes with zero downtime
Examples of security measures:
Countermeasures against cross site scripting (XSS): database output is escaped per default
Countermeasures against SQL injection (SQL): escaping of user entries
Access control on content and asset objects: role and action based ACLs defined per model
Digest of all user passwords: no plain text user passwords in database
Storage
Secure storage:
All assets are held in AWS S3 cloud storage in private storage
Redundancy is achieved by storing 3 copies of each asset
Restricted downloads:
Download of assets (e.g. via download link) requires a temporary access token which is validated before download access is granted
Video & streaming
Secure storage: both main asset and lower-bandwidth derivates are protected
Access control: in order for a user to view a video, a valid temporary token issued by the backend is required and will be validated anew before each video view
