从公共S3存储桶获取图像有困难吗?
[英]Difficulty of getting image from public S3 bucket?
问题描述
I want to use S3 to store user uploaded images. 
我想使用S3存储用户上传的图像。 Some images like profile pictures and other thumbnails should be visible to anyone. 任何人都可以看到某些图片,例如个人资料图片和其他缩略图。 However, I also want to have some images to be visible to users in the group that the image was "posted" to. 但是,我还希望某些图像对于“发布”到该图像组中的用户可见。
My app will handle all of the logic to decide whether or not a certain user has access to the image. 我的应用程序将处理所有逻辑,以确定某个用户是否有权访问该图像。
My question is: with a public S3 bucket and my app controlling the visibility of the images, how hard would it potentially be for someone to see images that they generally don't have access to? 我的问题是:在公共S3存储桶和我的应用程序控制图像可见性的情况下,某人看到他们通常无法访问的图像有多困难?
Is there a better way to set up an S3 bucket to meet these requirements? 是否有更好的方法来设置S3存储桶以满足这些要求?
Thanks. 谢谢。
1 个解决方案
解决方案1
2 已采纳 2017-10-08 02:08:32
The best approach is: 最好的方法是:
- Do not grant public access to any of the images/objects in Amazon S3 不要授予对Amazon S3中任何图像/对象的公共访问权限
- Your application at all times determines whether they should be allowed access 您的应用程序始终会决定是否应允许它们访问
- For users who are allowed access to an image, create an Amazon S3 Pre-Signed URL , which is a time-limited URL that will grant access to the object. 对于被允许访问图像的用户,请创建一个Amazon S3预签名URL ,这是一个有时间限制的URL,将授予对该对象的访问权限。
Your application can generate the pre-signed URL in a couple of lines of code, without requiring a call to AWS. 您的应用程序可以通过几行代码来生成预签名的URL,而无需调用AWS。
This way, all your security is maintained by the application rather than having to selectively make some objects public and there is no way for people to gain unauthorized access to objects. 这样,您的所有安全性都由应用程序维护,而不必有选择地将某些对象公开,并且人们无法获得对对象的未授权访问。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.