Skip to content
Key security features
Application
- Hosted in the cloud: MediaStore uses Amazon Web Services (AWS), ensuring optimal access from all territories
- Secure infrastructure:
- All communication is encrypted end-to-end using https
- A VPN-based infrastructure permits access only to predefined URLs and ports
- Minimum downtime:
- Through redundant database storage in different AWS service regions, downtime in case of exceptional data center outages is minimized
- In case of an infrastructural issue, the system is self-healing and auto-scaling
- Separation of frontend (website) and backend (application, storage): to permit maximum flexibility in the “look and feel” of website, the frontend is fully flexible and communicates with the backend via secure APIs
Development and updates
- Best programming practices: adherence to proven security standards (OWASP), manual code reviews and multiple layers of testing ensure that no malicious code can be injected
- Continuous updates: rolling deployments of features, tweaks and fixes with zero downtime
- Examples of security measures:
- Countermeasures against cross site scripting (XSS): database output is escaped per default
- Countermeasures against SQL injection (SQL): escaping of user entries
- Access control on content and asset objects: role and action based ACLs defined per model
- Digest of all user passwords: no plain text user passwords in database
Storage
- Secure storage:
- All assets are held in AWS S3 cloud storage in private storage
- Redundancy is achieved by storing 3 copies of each asset
- Restricted downloads:
- Download of assets (e.g. via download link) requires a temporary access token which is validated before download access is granted
Video & streaming
- Secure storage: both main asset and lower-bandwidth derivates are protected
- State-of-the-art encrypted streaming: Using HTML5, MediaStore’s HLS streaming technology uses AES encryption
- Access control: in order for a user to view a video, a valid temporary token issued by the backend is required and will be validated anew before each video view
stefan2017-05-19T10:24:11+00:00
Page load link