Protect download link with password

[paulgalow]

It might be useful to have an option to protect a download URL with a password.

Potential benefits

• Users can more confidently share sensitive information by not only sharing a URL but also requiring a password in order to download the file

Thoughts on how to implement that

• Use DynamoDB table item attribute to store download password
• Alternative: Store download password as object metadata on each uploaded file. Would alleviate need for separate database but would add more latency since S3 would effectively act as a database. Also not sure about potential unwanted security implications of storing passwords that way
• Caveat: This would probably require some kind of web frontend for users to type in the download password

[lmammino]

Thanks a lot for submitting this, @paulgalow!

I like the alternative approach. We might be storing a hashed version of the password to alleviate any security risks.

At the same time, I feel the need for storing other file-related metadata in DynamoDB might creep in for other feature requests (e.g. what is being discussed in #8 and #10). At that point, it might make more sense to also store the password in DynamoDB...

Definitely worth thinking more about this feature and trying to draft a first implementation

[paulgalow]

I think you're right. Using DynamoDB adds a little bit of complexity in the beginning but makes future development much more flexible.