question

Max Muthig avatar image
Max Muthig asked

Is it secure to upload sensitive pictures?

Hey! :)

If a user decides to upload a sensitive / personal picture from their photo gallery to PlayFab and we save it via Entity data - is this considered secure? Can any other player / potential hacker access the data? Does it function similar to unprotected S3 storage that if you know the link you can access the data or do you need to login / confirm it is you before you can access this data?

Thanks for your time & kind regards, Max

Player Data
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Neils Shi avatar image
Neils Shi answered

To retrieve the entity data (for example the pictures uploaded by players), the players need to call Entity API like GetFiles to obtain the “DownloadUrl”. It's secure during this process. Because calling this API needs an Entity Token which players need to log in first so that they can obtain it. But after getting the DownloadUrl, if other players know this link, they can also directly download the image through this DownloadUrl. And the link is valid for 10 minutes and will become invalid after that time.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.