FileShip

02/24/2025
static/img/project_imgs/Screenshot_2025-02-23_at_11.54.39PM.png
Tags

FileShip: A File Sharing Web Application

As data privacy becomes increasingly critical in today’s digital world, I’ve been working on a fun and educational project to learn about secure file sharing. I’m excited to introduce FileShip, a file sharing web application designed to make transferring files between senders and receivers as safe and efficient as possible.

FileShip leverages modern web technologies like WebRTC and WebSocket Secure (WSS) to provide a transmission channel for sending files directly between browsers. What makes FileShip stand out is its focus on security and efficiency throughout the entire file transfer process.

In this post, I’ll walk you through some of the key security features and design considerations that have been incorporated into FileShip, as well as some of the challenges I encountered while building this application.

Please note that I’m not a security expert, and while I’ve followed some best practices, I can’t guarantee absolute security. However, I’ve made every effort to ensure that the application provides a high level of protection.

FileShip App

 

Core Security Features

When building a secure file sharing application, protecting the communication channel is absolutely critical. Here are some of the core security features integrated into FileShip:

Secure Communication

  • WSS (WebSocket Secure) for Signaling Channel: All signaling messages exchanged between the sender and receiver are encrypted using WSS, ensuring no unauthorized parties can intercept or alter communication during the connection setup.
  • HTTPS for Web Traffic: HTTPS ensures that all web traffic, including initial page loads and user interactions, is securely transmitted with encryption to protect against eavesdropping and man-in-the-middle attacks.
  • WebRTC with Encrypted Data Channels for File Transfer: WebRTC data channels are used to transfer the actual files, which are encrypted end-to-end. This ensures that the contents of the files are protected throughout the transfer, even if the communication path is compromised.

Anti-Replay Protection

  • FileShip implements mechanisms to protect against replay attacks, ensuring that an attacker cannot intercept and replay previous file transfer requests to gain unauthorized access to files.

Rate Limiting & DDoS Protection

  • To prevent abuse and ensure the application remains available to legitimate users, rate limiting and DDoS protection are incorporated. This ensures that an attacker cannot overwhelm the system with excessive requests.

 

Data Integrity

Ensuring the integrity of transferred data is essential to a secure file sharing application. FileShip uses several techniques to verify that the files transferred are complete and unaltered:

Chunked File Transfer

  • Large files are split into smaller chunks, which are sent separately and reassembled on the receiver's end. This approach not only helps in managing large file sizes but also provides better error handling and transfer resilience.

Error Prevention & Recovery

  • Missing Chunk Detection: If a chunk is lost during transmission, the receiver can automatically request a retransmission of the missing chunk.
  • Automatic Retransmission: Should a chunk not be received correctly, the system will request a retransmission to ensure completeness.
  • Hash Mismatch Handling: At the end of a transfer, a hash is generated to ensure that the transferred file matches the original. If a mismatch occurs, the receiver will automatically request the missing chunks and ensure a valid file is received.

 

File Transfer Features

I wanted to make sure the file transfer experience was smooth and intuitive while still prioritizing security. Here are some notable file handling features:

Chunked Transfer

  • Files are sent in small chunks, which means that even in cases of network interruptions, only small parts need to be retransmitted, reducing transfer times and improving efficiency.

 

Memory Management

  • Efficient memory management is implemented to prevent excessive memory usage, ensuring the application performs well even with large files or multiple concurrent transfers.

 

User Features

A key part of FileShip’s design was making sure that the user experience was both secure and seamless.

File Handling

  • Multiple File Selection: Users can select multiple files at once, which will be handled securely and transferred efficiently.
  • Progress Indication: As files are transferred, users can see real-time progress indicators, giving them feedback on how much time remains for the transfer.

Session Management

  • Unique Pairing Codes: Each file transfer session is uniquely identified by a pairing code, which adds an additional layer of security and ensures that only the intended receiver can access the transfer.
  • Session Timeouts & Cleanup: To prevent unauthorized access to abandoned sessions, FileShip automatically cleans up inactive sessions after a set timeout.

 

Sender gives unique code for connection. Refreshes every 30 seconds.

 

Receiver code input for connection to sender.

 

Sender connected and ready to send files.

 

Receiver connected and received file from sender.

 

Challenges and Fun Learning Opportunities

Building FileShip has been a fun and educational journey, particularly when it came to the challenges of securely sending data over web channels. One of the biggest hurdles was ensuring that file transfers remained secure even in the face of potential connection disruptions. Handling interruptions, retries, and making sure the file integrity was preserved took some time to get right, but it was a rewarding experience.

I also spent a lot of time learning about WebRTC, WebSockets, and encryption techniques. The process of securely exchanging keys and ensuring data integrity while maintaining a seamless user experience really stretched my understanding of both security and file transfer protocols.

 

What’s Next?

FileShip already has several security features, is efficient, and user-friendly, but I’m excited to monitor its performance and usage over time. I look forward to seeing how users interact with the application and whether any further optimizations can be made and securities can be added. Future updates might include a freemium model, support for larger file sizes, more robust error handling, and even more ways to protect against malicious attacks.

In conclusion, FileShip provides a great way to securely transfer files between browsers, with a focus on security and efficient data transfer. The process has been a fantastic opportunity to learn and apply modern security practices, and I’m excited to see where it goes from here! While I’m not an expert in security, I’ve taken the necessary precautions to ensure a high level of protection, but like with any system, it’s always important to stay vigilant.