How we do it:

1. Authorization in the application: all requests to the site only using a secure connection (SSL 3.0).
2. After comparing the login / password pair, all requests are verified with an access key (the password is not transmitted anywhere else).
3. The server accesses the site only using a secure connection (SSL 3.0).
4. Projects are stored on Amazon servers (Alibaba for China). Files are downloaded by link (https) with additional authorization with the access key (key life time - 2 minutes). The files are stored in anonymous form, without reference to the owner.
5. The application communicates with the server in two ways: REST API (SSL 3.0 protection), iRidium protocol (version 1.2.3 and above - AES-256 encryption is enabled by default).
6. Authorized user access rights to the server are defined in the project and are provided through the creation of hash-keys through a trusted node (our site).