{"id":21487,"date":"2017-03-08T16:03:58","date_gmt":"2017-03-08T16:03:58","guid":{"rendered":"http:\/\/protecting_images_and_videos_via_cookie_based_authentication"},"modified":"2024-08-22T10:28:26","modified_gmt":"2024-08-22T17:28:26","slug":"protecting_images_and_videos_via_cookie_based_authentication","status":"publish","type":"post","link":"https:\/\/cloudinary.com\/blog\/protecting_images_and_videos_via_cookie_based_authentication","title":{"rendered":"Protecting images and videos via cookie-based authentication and Cloudinary"},"content":{"rendered":"

Controlling who can access your images and videos, and when, can be an important concern for your business and security workflow. You may have resources that you only want some of your users or employees to access, or you may need to make sure that your original resources are secure, and only transformed (edited) versions of your resources are delivered, e.g., with a watermark or logo displayed.<\/p>\n

Cloudinary prides itself on the wide range of transformations available via dynamic URLs, and there are huge benefits to using on-the-fly dynamic transformations to deliver your public resources. But this flexibility for delivering resources may be too permissive in certain situations because simply changing or removing a dynamic Cloudinary URL parameter can deliver a new image on-the-fly. This can result in users tweaking a URL in order to access the original version of images, for example to view an image without<\/em> the added watermark, minus the cropping parameters that have isolated a specific face in the image, or without the pixelate_faces<\/code> effect hiding people\u2019s identity, etc.<\/p>\n

To provide more control over access to your images, Cloudinary offers out-of-the-box support for uploading resources as authenticated<\/a>. By default, these authenticated resources can only be accessed with a signed delivery URL: a dynamic URL with a signature that must be validated before the resource is delivered. The signature is based on all the dynamic parameters included in the URL, so changing any parameter or value in the URL will invalidate the signature and thus access to the requested resource will be denied.<\/p>\n

An example of the single line of code needed for uploading an image as authenticated:<\/p>\n\n Loading code examples<\/span>\n <\/cld-code-widget>\n

An example of the single line of code needed to deliver an authenticated image (also scaled to a width of 300 pixels). Note the signature component in the resulting URL (automatically added when using our SDKs):<\/p>\n

\n Loading code examples<\/span>\n <\/cld-code-widget><\/p>\n

The signed delivery method described above may meet your authentication needs in many cases, but what if you want to limit access to your resources to a particular IP address, or to specific users, or for a limited time until they are released? In order to support more advanced requirements for authentication, Cloudinary has added new authentication functionality:<\/p>\n