ScreenSteps Live Security

On this page we will discuss how ScreenSteps Live handles your image data and how it is protected. If you have any additional questions about our security practices at ScreenSteps Live, please fee free to contact us.

Uploading a Lesson to ScreenSteps Live

When you upload a lesson from ScreenSteps Desktop to ScreenSteps Live you are transferring two types of information:

• Lesson Data - text, metadata, tags, etc.
• Images

After Upload

After the lesson data and images are uploaded to the ScreenSteps Live servers, the image data is retained on the ScreenSteps Live servers. But the images are instantly transfered to Amazon S3 servers and deleted from the ScreenSteps Live servers. Amazon S3 is storage service used by many web services since it offers many security and scaling benefits. For a list of other companies that use the Amazon S3 service please see this page on the Amazon site:

Amazon Case Studies

Two Types of Images On S3

When images are uploaded to the Amazon S3 servers they are assigned a url just like any other image resource on the internet.

Images are uploaded as either public or private.

Public Images: If the image is public then anyone who has the full url for the image can see it. Here is an example url for an Amazon S3 image:

Amazon Public URL

Private Images: If the lesson you upload is marked as protected then an authenticated url is generated by the ScreenSteps Live server each time a lesson request is made. The url is only valid for 15 minutes. This means that people can't randomly enter in urls to see image data. The request for the image must come from ScreenSteps Live servers. So, if a user has permission to see a lesson they can see the images associated with it. If they don't, then they can't see the images.

Here is an example of a protected url that has expired. This url was generated by an authenticated request at ScreenSteps Live and at one time would display an image. But it was only valid for 15 minutes so now the image will not longer be displayed unless a new request is made and a new url is generated.

Amazon Protected URL

 

 

An Example Lesson Request

The diagram above shows an example of a lesson request.

1. The lesson is requested by the user. If the lesson is public then the request is processed. If the lesson is private then the user is authenticated before the request is processed.

2. The ScreenSteps Live servers request the urls for the images from the Amazon S3 service.

3. These urls are inserted into the Lesson Data that is sent to the user's browser.

4. The user's browser then displays the lesson, requesting the image data from Amazon S3.

PDFs and Lesson Packages

The same security applies to lesson PDF and package files that are uploaded to ScreenSteps Live. The only difference is that lesson package files are always marked as private. Only authenticated users can access them.

Terms of Service | Privacy Statement | Contact Us