From the jsfiddle, http://jsfiddle.net/filepicker/BYF9t/

filepicker is initialized with the api key and read/write operations are secured with policies.

filepicker.setKey('8PbzrhP9Tr2r6wPlSqzS');
// Read the file contents, passing the policy and signature with the request
filepicker.read(fpfile, {policy: policy, signature: signature}, function(contents) {
    console.log(contents);
});

filepicker.pick({policy: policy, signature: signature}, function(fpfile) {
    console.log(fpfile);
});

However, I am still unsure how it is secure: why wouldn't anyone be able to just take the API key and use it as below?

filepicker.pick(function(FPFile) {
    console.log(FPFile.url);
});

Furthermore, why wouldn't anyone be able to just use the policies and upload/download files from my account?

Please help me to understand this!


Solution

When security is turned on for your account, any request to the Filepicker.io API (be it a pick, read, etc.) is denied unless it has an appropriate policy and secret.

To prevent people from copying your policies and using them maliciously, you should set an appropriately short expiry time to make this difficult, and use some level of exponential backoff or similar on your end to ensure one person isn't continually generating new policies from your server.
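The short-expiry idea from the answer above, as an added Node.js example that is not part of the original question or answer and is not Filepicker's own code. It assumes a policy is URL-safe base64 JSON with `expiry`, `call` and `handle` fields, signed with HMAC-SHA256 under the app secret (this format is not stated on this page); `mintPolicy`, `checkRequest` and the secret value are hypothetical names and constructed values, and `checkRequest` only models the check the service is assumed to perform.

```javascript
// Added example: minting short-lived, narrowly scoped policies on the server.
// APP_SECRET is a constructed placeholder; the real secret stays server-side
// and is never shipped to the browser (only policy + signature are).
const crypto = require('node:crypto');

const APP_SECRET = 'EXAMPLE_SECRET_NOT_REAL'; // constructed value

function sign(policy) {
  return crypto.createHmac('sha256', APP_SECRET).update(policy).digest();
}

// Build a policy limited to `calls`, optionally to one file handle,
// valid for ttlSeconds from `now` (seconds since the epoch).
function mintPolicy({ calls, handle, ttlSeconds, now }) {
  const body = { expiry: now + ttlSeconds, call: calls };
  if (handle) body.handle = handle;
  const policy = Buffer.from(JSON.stringify(body)).toString('base64url');
  return { policy, signature: sign(policy).toString('hex') };
}

// Model (assumption) of the per-request check when security is turned on.
function checkRequest({ policy, signature }, call, handle, now) {
  // A request carrying only the API key has nothing to verify.
  if (!policy || !signature) return 'missing policy';
  const expected = sign(policy);
  const given = Buffer.from(String(signature), 'hex');
  // Verify the signature before trusting anything inside the policy.
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return 'bad signature';
  const body = JSON.parse(Buffer.from(policy, 'base64url').toString());
  if (now > body.expiry) return 'expired';
  if (!body.call.includes(call)) return 'call not allowed';
  if (body.handle && body.handle !== handle) return 'wrong handle';
  return 'ok';
}
```

A copied policy is therefore usable only for the calls and handle it names and only until `expiry`, and editing any field invalidates the signature.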

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow