如何验证直接上传到S3的数据?
[英]How can I validate data uploaded directly to S3?
问题描述
I have an iPhone application that uploads images directly to S3. 
我有一个iPhone应用程序,可直接将图像上传到S3。 Then it hits an endpoint on my web server and creates a new post with some metadata, along with the S3 URL for the uploaded image. 然后,它在我的Web服务器上命中一个端点,并创建一个包含一些元数据的新帖子,以及上载图像的S3 URL。 All of this occurs over SSL, but what is stopping someone from reverse engineering the endpoint for creating posts and supplying a bogus URL? 所有这些都是通过SSL进行的,但是什么阻止了某人对端点进行反向工程以创建帖子并提供虚假URL呢?
1 个解决方案
解决方案1
1 已采纳 2012-06-14 15:42:18
No, it is not possible to really ensure that only your app can contact your server, but you can provide some kind of signature to your app, which is posted to your server via HTTPS before the real communication takes place. 不,无法真正确保只有您的应用程序可以与您的服务器联系,但是您可以为您的应用程序提供某种签名,该签名在真正的通信发生之前通过HTTPS发布到您的服务器。
Taking a look at API authentication in general is a good idea I think. 我认为一般来看一下API身份验证是一个好主意。 This looks like a goot start: Principles for Standardized REST Authentication 这看起来像个开始: 标准化REST身份验证的原则
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.