CanadianDeer's avatar

Upload file in private folder

Hello,

I come to ask for advice. In my form I upload a bank file in PDF. This file must be protected. What would you do to protect this file? Where can I upload this file?

Thanks

0 likes
8 replies
aurawindsurfing's avatar

You are talking about sensitive user data. I would look at S3 or Digital Ocean object storage. They really work great!

steve_laracasts's avatar

Indeed, gone are the days of casually storing anything really, GDPR changed a lot of things - and although it's been a major pain in the ass and taken the best part of a year to get everything I am responsible for in line, I do feel a lot better about everything and it's a great selling point when finding new customers.

While I also avoid Amazon like the plague (shocking ethics) I second the notion of handing the responsibility off to someone else!

If you are determined to store this data yourself then you probably need to encrypt it somehow so not even you can read it at any point in the process. The regulations are a bit vague - but essentially in the event that something goes wrong you need to prove you have done everything you could reasonably be expected to to protect your customers' data.

CanadianDeer's avatar

@kel_ Do you think it's better when I give this file to Amazon? Because it is a BIC

steve_laracasts's avatar

Sure, as soon as you are no longer storing data it is no longer your responsibility.

I would still check to make sure wherever it is stored it is considered 'compliant' and make sure your part of the application is solid i.e. it's pointless putting data into a secure storage facility if your app is full of holes and lets anyone else get to the data - third party storage is not a get out of jail free card.

CanadianDeer's avatar

So even if in the case that the database, the site and the bic are imported into a secure folder at the host it will not go that's it? @kel_

steve_laracasts's avatar

I don't understand, sorry.

I don't see why you would import the site or database into a secure folder. I am not even sure how you would do this.

In summary:

Store all sensitive data in a secure storage facility.

Take steps to make sure your application, server and database are secure.

These are things you should be doing anyway. Understand what you are doing and why.

Good luck!!
