How download file from IPFS using public key or private key - blockchain

How can I restrict people to download file from IPFS? People will download if I allow them using there public/private key.

Related

Is there any available library to validate bitcoin private key? I am asking user to enter it so i need to verify it first

Is there any available library to validate bitcoin private key? I am writing a code in which i ask user to enter the private key to import address but i want to validate they private key entered by the user.

Add SSL on mysubdomain.parseapp.com

I've created a subdomain for my parse app and I need to protect the connection while logging and during my session.
Assume that I don't have any public domain name and I will still use just the url of (mysubdomain.parseapp.com) then is all I need to get buy a certificate and get the two files for:
SSL Public Certificate
SSL Private Key
and just upload it to parse through the settings page ? or will I need to do something else ?
Just need a confirmation that my understanding is correct.
Kind Regards,
Robear
The private key would come from the server. A Certificate Authority is only going to give you a domain cert. For example "mysubdomain_parseapp.com_crt" and yes you'll need to upload the domain cert, private key (which is generated during the CSR request), plus the CA's intermediate cert (the CA should advise which one and where to download it).
In order for a CA to issue out a cert. You need to own the root domain or have permission by the owner. In your case you would need to prove that your the owner or have permision to purchase an SSL cert with "parseapp.com"

get flickr private images by API

Does anyone knows, if I can get my private images from flickr, using flickr API.
I need to get my private flickr images using the API,
What I'm trying to do is to create a password protected flickr Set, for my website.
In the application I'm gonna get the images from flickr, which are in a private set, I'll share a username and password with my friends, then, when they authenticate into my website they will be able to see my private flickr images.
You need to authenticate as a user (who is the owner of the private pictures): http://www.flickr.com/services/api/auth.howto.web.html.

Use OAuth or Public Key API for private YouTube application?

I would like to create an application using PHP that would authenticate to only my YouTube account/channel to create playlists, upload and play videos/playlists which would be set to Private. For now, users will not be logging into their own YouTube accounts and my application will not access their information.
Should I use OAuth or the Public Key API? What are the advantages and disadvantages of each?
Is it necessary that the user interacts with OAuth?
What are the implications with the Public Key if the application is on a shared hosting web server (many customers having the same IP address)?
You must use OAuth if you want to access or modify any private data, e.g. upload videos.
After all, you are the (one) user who has to authorize remote access on behalf of your account.
API Keys are only used for retrieving public data and wouldn't get you far in your case.
As long as you use your designated url (e.g. 'mydomain.net/myyoutubeapp), there won't be any problems on a shared hosting web server.
The public key and OAuth are both useful but for different need
With the public key, you can just fetch the public information you can normally access on Youtube without being authenticated like search, view videos, get the public information about a user/a playlist/a video, read comments.
If you use OAuth, you'll be able to manage your user's account, playlist, favorites song etc. You are just limited to the permission your users accepted like upload a video on his account, post a comment etc. So, you can do all what you're allowed to do with a public key + the action authorized by the user. But to use OAuth, you have to redirect your user to the authorization form of youtube:
and then, if the user accept, you'll have the access granted to do what you're allowed to with the permissions you asked for.
There is not advantage or disadvantage of both methods, just depends of what you need for your application
In your case, you should use OAuth to generate a valid access_token and a refresh_token for your account if you want to upload videos and manage your playlist. When your access_token expire, you can generate a new one without display the authorization popup with the refresh_token.

Is it possible to retrieve access keys from a AWS user using his login information?

I'm trying to build a project to help users manage their S3 account. To do this, however, it requires them to manually provide me with their access key. It's complicated though, and I'd like to make it easier for them.
Is there a way that I can retrieve their access keys by using their login information?
I'd prefer if the solution was in PHP, but it's not an obligation.
Thanks!
If S3 buckets are for users in your account
If you're talking about access keys associated to users in an account that you countrol, have a look at AWS Identity and Access Management / ListAccessKeys.
IAM [ Identity and Access Management] is a web service that enables
AWS customers to manage users and user permissions under their AWS
account
If S3 buckets are for an account that you do not own
If you're talking about an access key associated with someone else's AWS account (as well as per your comment the secret key), according to AWS you can only get the access key from the Access Keys tab on the AWS Security Credentials page.
This makes perfect sense, as the access key is a protected account secret. Providing an API to retrieve secrets would not make sense.
Additionally, if a user provided you with their account credentials, that would be an enormous security issue. You could spin up any AWS resources you wanted and they would be liable. Even if they trusted you 100% not to do that, if you allow that login data to be hacked, the hacker could do the same. If LinkedIn login data can be hacked, you can be hacked too.
Given the the user name you can list the users accesskeys using ListAccessKeys api.
But there seems to a catch in your problem. In order to use the above api you will need to sign the request with an accesskey - secret pair. And I dont think you will have they coz you are building a tool for other other unless the users in your aws account and full permission atleast on s3 and iam.
Then again this will allow you get only the accesskeys not their secret. Asking for the secret is like asking someone for their password so that you can do something on their behalf. So you can't get the secret from the aws through any api, the only way to get it is if the user gives it to you.
I found out a way to make it work. Basically, I've set up a Selenium Webdriver server and downloaded all required C# files. I then created this little script:
static void Main(string[] args)
{
IWebDriver driver;
driver = new FirefoxDriver();
driver.Navigate().GoToUrl("https://aws-portal.amazon.com/gp/aws/securityCredentials");
driver.FindElement(By.Id("ap_email")).Clear();
driver.FindElement(By.Id("ap_email")).SendKeys("USER#EMAILACCOUNT.COM");
driver.FindElement(By.Id("ap_password")).Clear();
driver.FindElement(By.Id("ap_password")).SendKeys("HISPASSWORD");
driver.FindElement(By.Id("signInSubmit")).Click();
IList<IWebElement> keys = driver.FindElements(By.LinkText("Show"));
int nbElems = keys.Count;
System.Console.WriteLine(nbElems+" keys");
foreach (IWebElement k in keys)
{
String toparse = k.GetAttribute("href");
Regex regex = new Regex(#"'(?<key>.*)','(?<secret>.*)'");
GroupCollection groups = regex.Match(toparse).Groups;
System.Console.WriteLine(groups["key"] + " " + groups["secret"]);
}
driver.FindElement(By.LinkText("Sign Out")).Click();
driver.Quit();
}
Now I just need to find a way to send the user information safely to this script.
Thanks for the help guys!

Resources