Ability to securely upload/store/download private member files

I want to allow members to store files (likely pdf) that contain sensitive data on my site. I will store the file URL in a collection with their data and allow only them to see/download the file again.

My first attempt is with the Upload Button. The problem is that the uploaded file is always stored in the Media Manager and I can access it anywhere if I have the URL (e.g. https://static.wixstatic.com/ugd/.pdf). This obviously does not seem secure enough.

My second attempt is with the MediaManager upload() method from a buffer (I am hard-coding a buffer for now) and setting isPrivate to true. Then I get a download URL with token by using the MediaManager.getFileUrl() method. This works. It looks like this is more secure - at least my understanding is there is no permanent URL generated and I do not see the file in my Media Manager files.

My questions…

Is uploading files using MediaManager.upload() with isPrivate set to true secure enough for a PDF file containing personal information? Likely depends on what ‘secure enough’ means. Is it GDPR-compliant? Is there any documentation around this I can provide to my client? Looks like I can call MediaManager.moveFilesToTrash() and then manually delete the trash to clean up user files.

If I go with this approach, is there a way to use the Upload Button to trigger this uploading of private files so that I don’t have to write the file upload code myself? I have seen posts about using an HTML Component to upload the file bits, but I haven’t looked into it yet.

If this is not deemed secure enough, does anyone have advice or experience using an app or third-party that I could integrate in Wix for storing members’ private files securely?

And thank you to @edb for this post:

Hi

I have the same question. I have a client that sometimes requires a scan of a passport to be uploaded. Some clients are reticent to upload such personal information.

Anything I can tell my client to let them rest easy?

Thanks
Steve
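
The private-upload approach from the first post, as an added example that is not code from either poster or from Wix: it uploads with isPrivate set and hands a short-lived download link only to the member who owns the file, using getDownloadUrl() rather than getFileUrl() so the expiry can be set. `media` stands in for `mediaManager` from `wix-media-backend`; the `records` array (in place of a collection), the function names, the folder path and the 5-minute expiry are assumptions.

```javascript
// Added example. `media` is injected so the logic can be exercised offline;
// in a Velo backend module it would be `mediaManager` from 'wix-media-backend'.
// `records` stands in for a collection of { ownerId, fileUrl, fileName } rows.

const LINK_TTL_MINUTES = 5; // assumption: keep tokenized links short-lived

// memberId must come from the authenticated session on the backend,
// never from a value the browser sends.
async function storePrivateFile(media, records, memberId, fileName, buffer) {
  // Accept only a plain "name.pdf" (no path separators) whose content
  // starts with the PDF magic bytes.
  const nameOk = /^[\w.-]+\.pdf$/i.test(fileName);
  const magicOk = buffer.subarray(0, 5).toString('latin1') === '%PDF-';
  if (!nameOk || !magicOk) {
    throw new Error('only PDF uploads are accepted');
  }
  const info = await media.upload(`/member-files/${memberId}`, buffer, fileName, {
    mediaOptions: { mimeType: 'application/pdf', mediaType: 'document' },
    metadataOptions: { isPrivate: true, isVisitorUpload: false },
  });
  // Store the internal file URL with its owner, not a tokenized download link.
  records.push({ ownerId: memberId, fileUrl: info.fileUrl, fileName });
  return info.fileUrl;
}

async function getMemberDownloadLink(media, records, requesterId, fileUrl) {
  const rec = records.find((r) => r.fileUrl === fileUrl);
  // Same error for "no such file" and "not your file", so the response
  // does not reveal whether another member's file exists.
  if (!rec || rec.ownerId !== requesterId) {
    throw new Error('file not found');
  }
  // Generate the tokenized link per request instead of persisting it.
  return media.getDownloadUrl(rec.fileUrl, LINK_TTL_MINUTES, rec.fileName);
}
```

The ownership check runs in backend code on every request, so a member who learns another member's internal file URL still cannot obtain a download link for it.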