I’m in the initial stages of designing an application that needs to serve up content. This content is what the customer will pay for, so should be protected. Is Netlify suitable for this use case? A customer will purchase content through my app and my initial thought is to store this content in Netlify so there clearly needs to be authentication so that it can be served to them only if they have paid for it.
Hey there @plastikfan
Welcome to the Netlify Forums
I’m going to go ahead and move your question to the #opentalk category — your question is a great one, but it doesn’t necessarily pertain to support of a specific feature of Netlify and may well be a question whose answer is more of a web-wide question. Security is a large topic and protecting content is a whole discussion of its own long before isolating that specifically to Netlify or the JAMstack at all.
So, all of that said, I’d be happy to chime in on some security and gating recommendations if you can add more context to what you’re building. What type of content are you trying to protect? How are you serving it? How do you want to gate it? Are you using third party services? Etc. etc. The more the merrier!
Hope that helps!
–
Jon
Hi thanks for your reply. I can’t be too specific about the application because it is my client’s IP. However, what I will say is that the assets are akin to a document containing images. Those documents will be curated by the client and then my app will serve them up to customers if they have paid for it. I am going to use Gatsby to deliver the front end, but need to consume those documents from the cms. Each customer will be able to use the document for as long as they need to. As my client is not technical, I need a user friendly way for them to create the documents, but it needs to structure the content according to some kind of schema that we will agree together. The document is not specific to a customer, they are curated by the client and anyone will be able to purchase them. The app will query the cms and then process the document in accordance with a customer’s interaction with the app. So this is all pretty much static content, with dynamic behaviour characterised by on the fly interactions. Hope that’s clear enough!
Hi @plastikfan,
As long as any paid customer should be allowed to access all documents that have been shared, this is possible.* You simply need to be able to assign roles in Netlify Identity and set up a role based access control rule to prevent others from accessing these gated pages.
I’d advise you to keep creating a different website for staging/testing, because at the moment, it’s not possible to delete previous deploys on Netlify without deleting the website. Thus, if you happen to upload sensitive data to one of the deploys, you can simply delete the testing site and move on as opposed to having to delete the production website and setting it up again.
* It’s possible even otherwise, as in you can allow an individual customer to be able to access a single document, but that is going to be difficult to manage soon if you’ve a lot of users. In such a case, I’d personally advise a different route like using Firebase Storage. The way that would work is, Firebase can protect the content from each individual user using its Security rules. You can combine Netlify Identity with Firebase using Netlify Functions. Using that, you can generate a Firebase Auth user from your Netlify Identity user and thus, keep the auth page working on Netlify, and keep the stored files safe on Firebase too.
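The Netlify Identity to Firebase bridge described in the reply above, sketched as an added example that is not part of the thread and not Netlify's or Firebase's own code. It assumes a role named `customer` and a hypothetical `app_metadata.purchases` array of document ids; `firebaseIdentityFor`, `makeHandler` and `mintToken` are illustrative names.

```javascript
// Added example: maps a verified Netlify Identity user to the uid and claims
// that a Netlify Function would put into a Firebase custom token.
// ASSUMPTIONS (not from the thread): role name "customer", purchased document
// ids kept in app_metadata.purchases by a trusted backend.
const PAID_ROLE = "customer";
const MAX_CLAIMS_BYTES = 1000; // conservative cap chosen for this example

function firebaseIdentityFor(user) {
  if (!user || typeof user.sub !== "string" || user.sub === "") return null;
  // Only app_metadata is trusted here; user_metadata is user-editable.
  const meta = user.app_metadata || {};
  const roles = Array.isArray(meta.roles) ? meta.roles : [];
  if (!roles.includes(PAID_ROLE)) return null;
  // Keep only well-formed ids so nothing path-like reaches the storage rules.
  const docs = (Array.isArray(meta.purchases) ? meta.purchases : []).filter(
    (id) => typeof id === "string" && /^[A-Za-z0-9_-]{1,64}$/.test(id)
  );
  const claims = { docs };
  if (Buffer.byteLength(JSON.stringify(claims)) > MAX_CLAIMS_BYTES) {
    throw new RangeError("too many purchases to carry in token claims");
  }
  return { uid: `netlify:${user.sub}`, claims };
}

// mintToken is injected so the mapping can be exercised without credentials.
// Deployed, it would wrap firebase-admin:
//   (uid, claims) => admin.auth().createCustomToken(uid, claims)
function makeHandler(mintToken) {
  return async (event, context) => {
    // Netlify fills clientContext.user from the Identity JWT sent as a Bearer token.
    const user = context.clientContext && context.clientContext.user;
    if (!user) return { statusCode: 401, body: "sign in first" };
    let identity;
    try {
      identity = firebaseIdentityFor(user);
    } catch (err) {
      return { statusCode: 413, body: "purchase list too large for a token" };
    }
    if (!identity) return { statusCode: 403, body: "no paid role" };
    const token = await mintToken(identity.uid, identity.claims);
    return { statusCode: 200, body: JSON.stringify({ token }) };
  };
}
```

On the Firebase side, a Security rule can then compare the requested document id against `request.auth.token.docs`, which is where the per-customer check actually happens.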
Thank you @hrishikesh. Sounds like I need to investigate Firebase, but that would also lead me to think that they would just cut you out of the tech stack that I end up using.