• Hosted in the cloud: MediaStore uses Amazon Web Services (AWS), ensuring optimal access from all territories
  • Secure infrastructure:
    • All communication is encrypted end-to-end using https
    • A VPN-based infrastructure permits access only to predefined URLs and ports
  • Minimum downtime:
    • Through redundant database storage in different AWS service regions, downtime in case of exceptional data center outages is minimized
    • In case of an infrastructural issue, the system is self-healing and auto-scaling
  • Separation of frontend (website) and backend (application, storage): to permit maximum flexibility in the “look and feel” of website, the frontend is fully flexible and communicates with the backend via secure APIs

Development and updates

  • Best programming practices: adherence to proven security standards (OWASP), manual code reviews and multiple layers of testing ensure that no malicious code can be injected
  • Continuous updates: rolling deployments of features, tweaks and fixes with zero downtime
  • Examples of security measures:
    • Countermeasures against cross site scripting (XSS): database output is escaped per default
    • Countermeasures against SQL injection (SQL): escaping of user entries
    • Access control on content and asset objects: role and action based ACLs defined per model
    • Digest of all user passwords: no plain text user passwords in database


  • Secure storage:
    • All assets are held in AWS S3 cloud storage in private storage
    • Redundancy is achieved by storing 3 copies of each asset
  • Restricted downloads:
    • Download of assets (e.g. via download link) requires a temporary access token which is validated before download access is granted

Video & streaming

  • Secure storage: both main asset and lower-bandwidth derivates are protected
  • State-of-the-art encrypted streaming: Using HTML5, MediaStore’s HLS streaming technology uses AES encryption
  • Access control: in order for a user to view a video, a valid temporary token issued by the backend is required and will be validated anew before each video view