[英]How to securely access a file in the application using s3 bucket URL
In my application we have to open some pdf
files in a new tab on click of an icon using the direct s3
bucket url
like this: 在我的应用程序中,我们必须使用直接
s3
存储桶url
在图标单击时在新选项卡中打开一些pdf
文件,如下所示:
http://MyBucket.s3.amazonaws.com/Certificates/1.pdf?AWSAccessKeyId=XXXXXXXXXXXXX&Expires=1522947975&Signature=XXXXXXXXXXXXXXXXX
Some how i feel this is not secure as the user could see the bucket name, AWSAccessKeyId
, Expiration
and Signature
. 我觉得这有些不安全,因为用户可以看到存储桶名称,
AWSAccessKeyId
, Expiration
和Signature
。 Is this still considered secure ? 这仍然被认为是安全的吗? Or is there a better way to handle this ?
还是有更好的方法来解决这个问题?
Allowing the user to see these parameters is not a problem because; 允许用户看到这些参数不是问题,因为;
But I have two suggestions for you; 但是我有两个建议给你; 1. Use your own domain, so the bucket is not visible (you can use free SSL provided by AWS if you use CloudFornt), 2. Use HTTPS instead of plain HTTP.
1.使用您自己的域,因此看不到存储桶(如果使用CloudFornt,则可以使用AWS提供的免费SSL),2.使用HTTPS而不是纯HTTP。
And if for any reason you absolutely dont want your users to see AWS parameters, then I suggest that you proxy the access to S3 via your own API. 并且,如果出于任何原因您绝对不希望用户看到AWS参数,那么我建议您通过自己的API代理对S3的访问。 (though I consider it unnecessary)
(尽管我认为这是不必要的)
I see you access with http (with no SSL). 我看到您使用http访问(没有SSL)。 You can do virtual hosting with S3 for multiple domains.
您可以使用S3对多个域进行虚拟托管。
https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
and create signed url based on your domain and you are good to go. 并根据您的域创建签名的URL,您一切顺利。
If you are using SSL, you can use Cloudfront 如果使用SSL,则可以使用Cloudfront
and configure cloudfront origin to point to your S3 bucket. 并将Cloudfront原点配置为指向您的S3存储桶。
Hope it helps. 希望能帮助到你。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.