将任何用户文件上传到 S3 存储桶是否安全?
[英]Is it safe to upload any user file to an S3 bucket?
问题描述
I want to let users upload file to attach them to a form, is it safe for me to let them upload and retrieve any file or should I be wary of XSS or any other possible vulnerability?
我想让用户上传文件以将它们附加到表单中,让他们上传和检索任何文件对我来说是否安全,或者我应该警惕 XSS 或任何其他可能的漏洞吗? The files would be available from the amazonaws domain rather than my own.这些文件可以从 amazonaws 域而不是我自己的域中获得。
1 个解决方案
解决方案1
1 2019-04-29 01:41:06
The secure way to do this would be to use Pre-signed URLs to let them upload new files and only download specific files.执行此操作的安全方法是使用预签名 URL来让他们上传新文件并仅下载特定文件。
Pre-signed URLs are time-limited URLs that allow a specific file to be uploaded/downloaded.预签名 URL 是有时间限制的 URL,允许上传/下载特定文件。 Your application will be responsible for generating these URLs for each specific user.您的应用程序将负责为每个特定用户生成这些 URL。 (It is just a few lines of code.) (这只是几行代码。)
See:看:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.