Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

A simple data storage schema to restrict public access

I have been working on a library which enable a website to add a comment section to their website.

The idea was to keep it as lightweight as possible thus I preferred to use JSON for basic data storage like comment's message, website and username. All of these data is public and can be access directly via JSON. I don't mind this since comments are going to get display publicly anyway.

However, the problem arises when I want a user to be notified when someone replies to their comment. Email is there in input field but I don't want it to be stored in the public JSON file. Is there any other server side data storage schema where I can store the email privately and at the same time use those emails from server side scripts to send email?

MySQL and others will make the library clunky, so that's out of the list.

Or even beside these conditions is there any other possible way to do this?

like image 386
ghost Avatar asked Oct 17 '17 05:10

ghost


People also ask

How to allow or disable public access for a storage account?

To allow or disallow public access for a storage account in the Azure portal, follow these steps: 1 Navigate to your storage account in the Azure portal. 2 Locate the Configuration setting under Settings. 3 Set Blob public access to Enabled or Disabled. More ...

What is public access to data in a container?

When a container is configured for public access, any client can read data in that container. Public access presents a potential security risk, so if your scenario does not require it, Microsoft recommends that you disallow it for the storage account.

What is disallowing public access in Azure Storage?

Disallowing public access helps to prevent data breaches caused by undesired anonymous access. When you disallow public blob access for the storage account, Azure Storage rejects all anonymous requests to that account. After public access is disallowed for an account, containers in that account cannot be subsequently configured for public access.

Is it possible to deny schema permissions for a specific user?

You could GRANT schema permissions that are effective for everything existing and everything that will exist in that schema. Further to that, if you want to then deny permissions on a certain object within that schema, you can do. But in your situation, there is no need for you to deny the permission on that user.


1 Answers

What you need is APIs and not a data source. A data source is a truth where all data lives. Like in your example, if you have email in your data, it will always be there. Unless you keep email field separately.

  1. The way is to create api that will output required data from JSON files (or database). You can choose to hide the data that you don't want to show. This way, you only expose the api, instead of the file name directly, which has risks of being modified or altered or hacked very easily.

  2. Other way without using API is to have multiple JSON files. One file will have basic data, and other will have confidential data, along with a foreign key like unique key that'd map the confidential or other data with the main record.

Example: Comments.json:

{
  "comments": [{userId: 1, ...},{...}]
}

CommentDetails.json

{...}

Users:

[
  1: {"username": "", "email": "[email protected]",...}
]
like image 140
scazzy Avatar answered Nov 06 '22 05:11

scazzy