Storing sensitive information as public files in your Xano database can pose security risks, as anyone with the file URL can access it indefinitely. To address this concern, Xano provides a private file storage feature that allows you to generate signed, time-expiring URLs for your files, granting you better control over when and who can access them.
In this guide, we'll walk you through the process of migrating your existing public files to private storage using a function stack. We'll also demonstrate how to generate signed URLs for your migrated files, ensuring secure access to your sensitive data.
Before we begin, make sure you have a separate private files field in your database table. This field is required for storing the metadata of your private files. When adding a storage field to your database, choose the "private file" option, as this cannot be changed later.
After setting up the function stack, run it to migrate all your public files to private storage. Once completed, you can verify the migration by checking your database table and the private files section in your Xano files library.
To access your migrated private files, you need to generate signed, time-expiring URLs. Here's how:
Now, you can use this signed URL to access your private file within the specified time window. After the URL expires, attempting to access the file will result in an error message.
By following these steps, you can enhance the security of your sensitive data stored in Xano by migrating public files to private storage and generating time-limited access URLs. This approach ensures that your files are only accessible when necessary, reducing the risk of unauthorized access.
This transcript was AI generated to allow users to quickly answer technical questions about Xano.
I found it helpful
I need more support